Web Application Security Consultant (WebPT P1)

Position 1: WebPT P1 - Consultant

Experience - 4+ Years

Work mode - 5 days working- Bangalore, Pune

Hybrid (3 times in office per week)

NP - Immediate

Position Type - Contractual

Roles & responsibilities:

o Perform automated testing of running applications and static code (SAST, DAST).

o Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications

o Experience in one or more of the following is a plus: mobile application testing, Web application pen testing, application architecture, and business logic analysis.

o Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, and Kali Linux.

o Able to explain IDOR, Second Order SQL Injection, CSRF – Vulnerability, Root cause, Remediation

Mandatory technical & functional skills

o Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent.

o Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs

o Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations.

o Preferred one year of experience in the development of web applications and/or APIs.

o should be able to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand.

o One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA