o Experience in manual penetration testing, particularly in web and mobile applications.
o Strong understanding of security frameworks like OWASP Top 10 and NIST Standards.
o Proficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan.
o Hands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect, and Acunetix for vulnerability assessments.
o Practical experience with AWS services (EC2, S3, KMS, RDS) and security best practices relevant to cloud environments.
o Familiar with Azure cloud security architecture, VNets, and Azure DevOps pipelines.
o Proficient in Python, Perl, PHP, Java, and Objective-C for security testing and code reviews.
o Knowledge of core networking concepts like routing, ACLs, SSL/TLS, TCP protocols, and load balancing strategies.
o Experience in building and assessing API security frameworks and secure coding practices for web apps.
o Deep experience in implementing Secure Software Development Life Cycle (S-SDLC) processes, ensuring security across development, testing, and production phases.
o Active participation in platforms like Hack The Box, PortSwigger Academy, or Capture the Flag (CTF) challenges.
o Passion for discovering new vulnerabilities and security exploits.
o Excellent written and verbal communication skills to clearly articulate security risks and remediation strategies.
o Familiar with common technology stacks such as LAMP, LEMP, and MEAN, as well as secure coding practices for these environments.
o Conduct penetration testing on web and mobile applications, identifying critical vulnerabilities and collaborating with development teams to resolve them.
o Implement and maintain Application Security Programs (DAST & SAST), ensuring all applications follow security best practices.
o Lead security scoping calls with stakeholders, outline security risks, and develop remediation plans.
o Perform code reviews to detect vulnerabilities and enforce secure coding standards, especially in Java, Python, and Objective-C.
o Utilize tools such as Burp Suite and Checkmarx for security testing, as well as manual testing for identifying issues like XSS, SQLi, CSRF, etc.
o Provide feedback on application architecture regarding network security, SSL/TLS configurations, and cloud security best practices.
o Stay updated on emerging security vulnerabilities, develop API security strategies, and integrate security controls into the CI/CD pipeline.