Application Security Testing Jobs

Skills required: (Need only Local candidate from Hyderabad1. Mobile application Automation using selenium or Apium2. Load testing3. Security testing4. API testing [Good to have]5. Exposure to CI/CD pipeline [Good to have]

ESSENTIAL DUTIES AND RESPONSIBILITIES:1. Perform Application, API and Microservices Pentest2. Perform Network Pentest (Internal and External)3. Perform Mobile App Pentest, Mobile Assessments,4. Threat Modelling, Legal Reviews,5. Reporting and the PoCs of the vulnerabilities, and Documentation,6. Coordinate with various stakeholders,7. Perform R&Ds8. Other Security AnalysisMandatory Requirements:1. Relevant Experience in Security Domain: 3+ Years.2. Proven expertise & track record in Web Application Penetration testing (Web, Mobile.3. API/Web Services on JAVA & .Net) through DAST Manual approach.4. Proven expertise & track record in Mobile Application Penetration testing (Web, Mobile. API/Web Services on JAVA & .Net) through DAST Manual approach.5. Hands-on experience in DAST tools, API (SOAPUI, PostMan).6. Experience in DAST Manual Assessments, Threat Model and Penetration Testing.7. Good Network Pentest skills-sets for external and internal networks.8. Excellent written and verbal communication skills.Preferred Skillsets:1. Hands-on experience of DevSecOps.2. Good Knowledge of Java, .NET, SQL queries (Oracle, PostgreSQL etc).3. Experience in Automating Security tasks using Python or Java Frameworks and System/Network Exploitation is a bonus.4. Experience in Red Teaming.5. Handson experience, knowledge and understanding of Security Frameworks.6. Handson experience on MS Tools.

Urgent Hiring: Senior Security Consultant(VAPT)Location: South Delhi, New DelhiJob Type: Full-Time, OnsiteExperience: 3-6 YearsJoining:ImmediateRoles and Responsibilities:- Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security assessments, Log Review, Review of Documents, Network Monitoring and Reporting- Conduct and compile findings on new vulnerabilities, new tools for departmental use-Create project deliverables / reports and assist the immediate supervisor during submissions and client discussions-Abide by the project time lines and maintain project disciplineTechnical Skills Required : Experience in performing Network Security Assessment and vulnerability Assessment.Well versed with basics of TCP/ IP and Networking principles.Good understanding of OWASP top 10 and web Application security audits.Manual Penetration Testing skills and techniques are required besides automated tools and frameworks.Familiar working with Publicly available exploits codes.Hands on knowledge on Tools : Nmap, Kali Linux, Metasploit, Armitage , Maltego, Burp, Paros Proxy Nessus, nexpose, wireshark, sqlmap etc.Qualification:Bachelor or college degree in related field or equivalent work experienceCertified Ethical Hacker (CEH)Certifications such as OSCP (Offensive Security Certified Professional) / CPTC (Certified Penetration Testing Consultant) / License Penetration Tester (LPT) are highly desiredExpertise BurpSuite Pro, Nessus, Coverity, CodeSonar and network vulnerability scanning toolsOther requirements Excellent problem-solving/analytical skillsGood business communication skillsAbility to manage tight time frames and communicate effectively with peersFlexibility to adapt to changing demands and prioritiesHow to Apply: Interested candidates are invited to submit their resume to- v.tamanna@trojanhuntindia.com

Company Name: QuesscorpJob Title: Application Security Testing + DAST + MPTExperience Required: 3-10 YearsNotice Period: Immediate / 15 Days (Max)Location: Hyderabad, Pune, Mumbai, Bangalore, Chennai, Kolkata, GurgaonDescription:Qualifications Required: Bachelor's degree or higher in Computer Science, or equivalent. 3-10 years of experience working in the application security, vulnerability assessment, penetration testing, mobile application security, Thick Client and Web API security assessments. Strong understanding of OWASP Top 10 vulnerabilities but not limited to. Proficiency in industry standard vulnerability testing tools like Appscan, Web Inspect, Burp Suite, ZAP proxy, Fiddler, Olly debugger, IDA Pro, EchoMirage etc. Ability to perform manual penetration testing and security assessments using automated tools. Knowledge of web application components like frontend, backend, databases and application servers. Understanding in web development technologies like HTML, CSS, JavaScript, PHP, JAVA, .Net and backend databases Understand on the basic concepts of reverse engineering, memory analysis etc. Understanding of basic networking protocols such as TCP/IP, DNS, HTTP Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professionals (OSCP), Offensive Security Web Expert (OSWE), Web Application Penetration Tester (GWAPT), Certified Ethical Hacker (CEH), or equivalentPreferred: Experience in Web and Mobile application security assessments and penetration testing. Experience with vulnerability analysis tools such as Appscan, Web Inspect, Burp Suite. Outstanding English written and oral communication skills and the ability to prioritize work Strong understanding of web and mobile vulnerabilities.

We are looking for software engineers, who are solid coders, quick learners and can effectively work in a fast-paced startup environment. Role provides amazing opportunities to work on super modern and cutting-edge technology stack - Java, microservices, Kuberntetes, Nginx, Service Meshes, API Gateways, GraphQL, MongoDB, Druid, Pinnot, Kafka, Distributed Systems, Big Data, Machine Learning, Distributed Tracing, Google Cloud Engine, AWS, Web Assembly etc. Key Responsibilities: Conduct comprehensive assessments of API security vulnerabilities and threats. Develop and implement security protocols, policies, and procedures for API access. Collaborate with cross-functional teams to ensure secure API design, development, and integration. Monitor and respond to security incidents, breaches, or unauthorized access attempts. Conduct API penetration testing and security reviews to identify vulnerabilities. Recommend and implement API security best practices and configurations. Stay current with the latest security threats and industry trends.Required Skill Sets and Qualification: Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience). In-depth knowledge of SOAP, REST, and GraphQL. At least 5 + Experience working with various API gateway technologies such as Mule, Kong, and Apigee. Proficiency in API Penetration Testing and DDoS attack mitigation. Strong understanding of stream transformation. Knowledge of F5 and Nginx for routing and load balancing. AWS cloud experience. Proficiency in Java and Node.js. Familiarity with authentication mechanisms, including Basic, Digest, and token-based authentication. Experience with Splunk. Experience with Akamai or other Content Delivery Networks (CDNs) is a plus. Continuous Delivery and Continuous Integration (CD/CI) experience is

The major focus will be on Application Penetration testing followed by Network Penetration Testing and Mobile Security assessments, Red Team Assessment, Phishing, IoT, Cloud Pen testing (Azure and AWS, Google Cloud), Cloud Configuration Audit, Architecture Review. The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with operation and construction of tools to assist in these tasks. Well versed with OWASP Top Ten and WASC Threat Classifications Expertise in Vulnerability Assessment and Penetration Testing of Web Applications BusinessLogic based application testing Penetration testing of Mobile applications and websites. Exploitation of the issues found and presenting the impact occurred Source Code Reviews Well versed in Java Secure Code Review Well versed in OWASP Code Review concepts & identifiers Familiar with popular tools: Application Proxy: Burp suite, Paros, OWASP ZAP, WireShark, Vulnerability Scanners: IBM AppScan, HP WebInspect, Nessus, NTO Spider. Exploit Toolkits: Metasploit, Exploit DB etc Understanding of the nature and sources of security vulnerabilities, how to identify and exploit Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks. Skills Mandatory: Application Security Testing/Penetration Testing (Web-based, Thick client, web services, Mobile) Network Security Testing/Penetration Testing (Network, OS, Databases etc) Static Code Analysis/ Secure Code Review

Security Test Specialist Skills: Web Application Security Testing Mobile Application Security Testing Thick Client Application Security Testing API Security Testing Infrastructure& Network Security TestingJob Requirements:Key Responsibilities: Role is performing Static & Dynamic web application security assessments using hands on techniques for identifying SQL injections, XSS, CSRF, authentication/authorization, penetration testing, OWASP top 10 issues, SANS top 25 issues. Will be working on security technologies for secure software such as cryptography, techniques Will be working in reviewing code developed in JAVA, Net and other leading modern programming languages and technologies Will be able to monitor Infrastructure and Network security Able to estimate efforts, plan, able to identify the right tools, right security testing techniques and strategize security testing activities (Optional for test analyst) This is mandatory for Security Test Lead/ Architect and Security Test ManagerTechnical Experience: Vast experience in removing false positives, analyzing static scan CheckMarx, Appscan Source reports. Experience on automated scanning tools ie Fortify, Asppscan Source, Sonar Cub Hands on application security testing tools like Burp, Fiddler, Postman, Wireshark etc.. Understanding of OWASP top 10/SANS top 25 and mitigation techniques Provide expert advice and recommendation to application development team as well as vendo

Project Role : Security Architect Project Role Description : Define the security architecture, ensuring that it meets the business requirements and performance goals. Must have Skills : Static Application Security Testing (SAST) Job Requirements : Key Responsibilities : Running SAST Scans, Analyzing tool results, perform SAST, Manual code review, remediation support, review open source components Technical Experience : a Reviewing application code against the secure coding baseline and practices b Experience in performing static web application security assessments using hands on techniques for identifying SQL injections, XSS, CSRF, authentication/authorization, OWASP top 10 issues c Reviewing code developed in JAVA, Net and other leading modern programming languages d Removing false positives, analyzing static scan CheckMarx,d Good to have skills in SCA Professional Attributes : Expect to have good verbal and written communication and a good team player Educational Qualification : BE/B Tech Additional Information : Expect to have good verbal and written communication and a good team player

Good understanding of OWASP top 10, SANS Top 25, CERT, WASC standards/frameworks.. Must have in-depth understanding of web technologies, web applications and Unix-like operating systems Hands on experience in conducting manual penetration testing for Web, API and Mobile applications. Conducting manual PT for network based vulnerability assessment Thorough understanding of web application vulnerabilities and their mitigation. Expertise in identify false positive and provide mitigation solution to development team. Experience in administration of infrastructure security activies and experience in security incident handling & security assessments. . Experience in Endpoint Security products like Mcafee, Endpoint threat detection and response technologies such as EDR Experience in performing hands-on activities with F5 LTM, Web application firewall deployment, configuration, policy fine-tuning and maintenance Hands on experience in creating WAF rules/signatures to mitigate threats and implements best practices, with troubleshooting F5 appliances Experience in developing iRules and apply rules within the F5 appliances, managing Zscaler cloud proxy and troubleshooting proxy issues, Performing fine-tuning of Zscaler proxy policies and on-boarding new clients Knowledge of common information security management frameworks, such as CIS Benchmarks for AWS, Azure and GCP, Cloud Security Alliance Guidance for critical areas of focus in Cloud Computing, Cloud Controls Matrix, and NIST 800-53. Experience in CI/CD implementation. Working knowledge of one or more continuous integration tools e.g. Jenkins, Bamboo.. Performing DevOps tool integration, configuration for SecDevOps.. Experience in working & leading vulnerability Identification and remediation process across multiple stakeholders. Proactively findings loopholes in the applications, Infrastructure, Processes, Architecture, Data