Full-Time Application Security - VAPT

Core Responsibilities:

1. Conduct comprehensive security assessments of web applications to identify vulnerabilities such as SQL injection, XSS, CSRF, and other OWASP Top 10 vulnerabilities. + With bypass methods
2. Work closely with developers to provide actionable recommendations for mitigating identified issues.
3. Perform security assessments on RESTful and SOAP APIs to identify security flaws, including improper authentication, authorization, and data exposure.
4. Ensure APIs are securely integrated with other systems and follow best security practices.
5. Conduct security testing on mobile applications (iOS and Android) to detect vulnerabilities like insecure storage, weak encryption, and insecure communication.
6. Collaborate with mobile development teams to provide secure coding practices and remediation guidance.
7. Perform penetration tests on thick client applications, focusing on client-server communication, application logic, and security controls.
8. Identify weaknesses and recommend appropriate security enhancements.

Required Skills:

• Extensive experience in Web Application Security and penetration testing
• Strong expertise in API Security with knowledge of common vulnerabilities and attack vectors
• Hands-on experience with Mobile Application Security testing (iOS and Android)
• Proficiency in Thick Client Security assessment
• Familiarity with tools such as Burp Suite, OWASP ZAP, Postman, Frida, Qualys, and other relevant penetration testing tools
• Knowledge of OWASP, SANS, and other relevant security frameworks
• Strong analytical skills and attention to detail
• Vulnerability Management skills with experience using tools like Qualys would be a plus point.

Additional Skills:

• Excellent communication skills (written and verbal) for preparing and delivering security reports
• Ability to work independently and as part of a team
• Strong problem-solving skills and a proactive approach to identifying security risks
• Continuous learning mindset with a passion for staying ahead in the field of cybersecurity

Preferred Qualifications:

• Certifications such as OSCP, EWPTX, CRTP, CRTE, or CPTS

Qualifications:

• Bachelor's Degree
• Candidates with either of certifications such as OSCP, EWPTX, CRTP, CRTE, or CPTS would be preferred.

What is the last date for applying to the job?

Which countries are accepted for this remote job?