
Job Title


Security Analyst - SOC


Company : Lennox India Technology Centre


Location : Chennai, Tamil Nadu


Created : 2025-06-13


Job Type : Full Time


Job Description

Roles and Responsibilities:

- Perform Dynamic Application Security Testing (DAST) on web applications and APIs (manual and tool-based).
- Analyze DAST scan results, identify and prioritize vulnerabilities based on risk.
- Participate in triage meetings with application teams to explain and document findings.
- Lead deep API security testing (REST, SOAP, GraphQL), identifying flaws like BOLA, token leakage, replay attacks, etc.
- Conduct manual penetration testing using offensive tools and custom payloads.
- Craft custom exploit chains for vulnerabilities such as deserialization, command injection, and broken access controls.
- Maintain custom scripts, payloads, and test cases to simulate real-world attacker scenarios.
- Possibly perform Static Application Security Testing (SAST) and understand differences from DAST.
- Document testing procedures, findings, and remediation efforts.
- Communicate security findings to both technical and non-technical stakeholders.
- Collaborate with DevOps, developers, and security teams to address issues.
- Participate in process improvements and develop long-term testing strategies.

Requirements:

- 5 to 7 years of hands-on experience in web application security testing.
- Strong knowledge in:
  - Web & API penetration testing.
  - DAST & SAST methodologies.
  - API security concepts and testing.
- Proficiency in offensive security tools and Kali Linux tools (e.g., SQLMAP, Dirbuster).
- Experience in identifying and exploiting common vulnerabilities (SQL Injection, XSS, CSRF, etc.).
- Understanding of HTML, JavaScript.
- Bonus for experience with:
  - Front-end tech: .NET, Java
  - Back-end tech: Oracle
  - Mobile or IoT app testing.
  - Bug bounty programs.
- Familiarity with tools like:
  - DAST: Burp Suite, NetSparker
  - SAST: Checkmarx, Veracode, Fortify
- Clear written and verbal communication skills.
- Any relevant certifications (e.g., OSCP, OSWE, GWAPT, CREST) are a plus.
- Experience with Red Teaming/adversary emulation is a strong advantage.