Perform web application security assessments including VAPT (DAST, SAST, SCA).
Identify and remediate vulnerabilities such as OWASP Top 10, SQL Injection, XSS, CSRF, SSRF, IDOR, and authentication flaws.
Conduct manual and automated security testing of web applications and APIs.
Review application architecture, design, and source code for security weaknesses.
Integrate security testing into CI/CD pipelines and DevSecOps practices.
Work closely with development and DevOps teams to implement secure coding practices.
Validate remediation of security findings and provide risk-based recommendations.
Support compliance and audit requirements (ISO 27001, SOC 2, PCI DSS, GDPR).
Prepare detailed security assessment reports and present findings to stakeholders.
Stay updated with emerging application security threats, tools, and techniques.
5+ years of experience in Web Application Security / Application Security Testing.
Strong understanding of OWASP Top 10, OWASP ASVS, and secure coding standards.
Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Veracode, Acunetix, Netsparker.
Experience in API security testing (REST, SOAP, GraphQL).
Good understanding of web technologies: HTTP/S, HTML, JavaScript, JSON, XML.
Familiarity with at least one programming language (Java, .NET, Python, JavaScript).
Knowledge of authentication mechanisms (OAuth 2.0, JWT, SAML).
Experience working in Agile and DevOps environments.
CEH