Engineer II - Application Security Test

Location: Bangalore, India

Department: IT Infrastructure

Experience: 3-5

• DAST/SAST (Dynamic Application Security Testing/Static Application Security Testing): Perform both dynamic and static analysis of applications to identify security vulnerabilities.
• Secure Code Review - Coding Best Practices: Conduct systematic reviews of source code to ensure adherence to secure coding principles and identify potential weaknesses.
• Software Development Posture and Inventory Management/Monitoring: Continuously manage and monitor the security state of all software assets and their underlying infrastructure.
• Perform security testing on code, applications, IoT devices, and communication protocols developed by the organization: Execute various security tests on the organization's proprietary software, IoT devices, and communication methods to uncover vulnerabilities.
• Identify vulnerabilities and weaknesses in the software and applications, reporting findings to the development team: Discover and clearly report security flaws in software and applications to development teams for remediation.
• Collaborate with developers to integrate security testing throughout the software development lifecycle (SDLC): Work closely with development teams to embed security activities into every stage of the software development process.
• Review and audit security-related documentation for compliance with security best practices: Examine and verify security documentation to ensure it meets established industry standards and best practices.
• Develop and execute penetration testing scripts and automated testing tools to identify potential exploits: Create and run specialized programs to simulate attacks and discover exploitable vulnerabilities.
• Conduct risk assessments and provide actionable recommendations for mitigating security risks and vulnerabilities: Evaluate potential security threats and offer practical solutions to reduce or eliminate risks.
• Stay updated with the latest trends, technologies, and best practices in application security: Continuously research and learn about emerging threats, new security tools, and industry standards to maintain expertise.

• 2-3 years of experience in security application testing or related fields.
• Strong understanding of web application security, IoT security, and communication protocols.
• Experience with security testing tools like Burp Suite, OWASP ZAP, and others.
• Proficiency in programming languages such as Python, Java, or C/C++.
• Understanding of secure coding practices and software development lifecycles.

• Experience in penetration testing, vulnerability assessments, and threat modeling.
• Knowledge of common security frameworks and standards (e.g., OWASP, NIST).
• Familiarity with automated testing and DevSecOps practices.
• Certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional) are a plus.