Application Penetration Tester & Secure Code Reviewer

Overview

Job Title: Application Penetration Tester & Secure Code Reviewer (Urgent Requirement)

Location: Mumbai (Hybrid)

Department: Information Security / Application Security

Reports To: CISO, Mswipe Technologies Pvt. Ltd.

Role Overview

Mswipe Technologies is seeking a skilled Application Security Specialist proficient in penetration testing and secure code review to strengthen the security posture of its payment and fintech platforms.

The candidate will identify, exploit, and remediate vulnerabilities across web, mobile, and API-based applications, ensuring adherence to OWASP Top 10 (2021) and CWE/SANS Top 25 (2024) security practices.

This role requires close collaboration with developers, QA, and infrastructure teams to embed security within the Secure SDLC (SSDLC) and DevSecOps environment.

Key Responsibilities

1. Application Penetration Testing

• Perform manual and automated penetration testing on Mswipe’s web, mobile, and API applications.
• Identify vulnerabilities related to OWASP Top 10 categories such as Injection, Broken Authentication, Security Misconfigurations, and Sensitive Data Exposure.
• Simulate real-world attack vectors to assess exploitability and impact.
• Validate fixes and perform retesting post-remediation.
• Prepare detailed reports with risk severity, technical details, business impact, and mitigation recommendations.
• Contribute to integration of security testing tools into CI/CD pipelines to support continuous application security validation.

2. Secure Code Review

• Conduct manual and tool-assisted code reviews (Java, Python, .NET, Node.js, PHP, etc.) to detect security weaknesses aligned with CWE/SANS Top 25.
• Identify issues such as improper input validation, insecure deserialization, broken access control, SQL injection, and other common coding flaws.
• Provide secure coding recommendations and work closely with developers to remediate issues.
• Develop and maintain Mswipe’s secure coding guidelines, checklists, and best practices.
• Participate in code walkthroughs and educate developers on secure coding techniques.

3. Collaboration & Security Integration

• Collaborate with product, engineering, and QA teams to embed security within SDLC stages.
• Support threat modeling and architecture security reviews for new features or system integrations.
• Conduct developer training sessions on OWASP, secure coding, and common attack prevention.
• Assist in maintaining evidence for PCI DSS and ISO 27001 audits related to application security testing.

Required Skills & Experience

• 3–7 years of experience in application security, penetration testing, or secure code review.
• Strong understanding of OWASP Top 10, CWE/SANS Top 25, and OWASP ASVS standards.
• Hands-on experience with tools such as:
• Burp Suite Pro, OWASP ZAP, Postman, MobSF, Frida, Drozer, apktool, Metasploit
• SAST tools: SonarQube, Checkmarx, Fortify, Veracode
• DAST tools: OWASP ZAP, Netsparker, Acunetix
• Familiarity with secure coding practices in Java, JavaScript, Python, or similar languages.
• Knowledge of API security, JWT/OAuth2, and cryptographic controls.
• Strong communication skills to translate technical risks into business context.

Preferred Certifications

• Offensive Security: OSCP, OSWE, eWPT, GPEN, GWAPT (Anyone is Mandatory)
• AppSec & Secure Coding: CSSLP, CEH (Practical), eCPPT (Anyone is Mandatory)
• Compliance Familiarity: PCI DSS, ISO 27001, SOC 2

Soft Skills

• Analytical and methodical approach to problem-solving.
• Attention to detail and thorough documentation habits.
• Excellent written and verbal communication.
• Team player with proactive attitude and learning mindset.

Performance Indicators

• % of applications tested and remediated per release cycle.
• Reduction in recurring vulnerabilities across sprints.
• Code review coverage and vulnerability closure rate.
• Developer feedback and improvement in secure coding maturity.

Work Mode & Environment

• Hybrid role: 3 days per week from Mswipe’s Mumbai office.
• Exposure to fintech-grade applications, payment APIs, and PCI DSS environments.
• Opportunity to work closely with security engineers, DevOps, and product teams in an agile setup.

Job Type: Full-time

Pay: ₹900,000.00 - ₹1,100,000.00 per year

Benefits:

• Health insurance
• Paid sick time
• Provident Fund

Work Location: In person