Position Summary:

The Web Application Penetration Tester is responsible for ethically attacking web applications and APIs, discovering exploitable vulnerabilities, assigning risk ratings using CVSS scores, and reporting the vulnerabilities found.

Principal Responsibilities:

  • Understand the application's architectural components, its business purpose, and its code at a high level
  • Understand the threats and vulnerabilities reported by threat modeling, static code analysis, and open-source scans
  • Perform penetration tests on web applications, APIs, and mobile applications using black-box testing tools, in-depth manual testing (including shell scripts and manual techniques), and DAST and SAST scans
  • Perform secure code reviews to identify exploitable weaknesses in configuration, authentication mechanisms, handling of user data, and role definitions
  • Write executive and detailed reports with findings and recommendations
  • Assist in the development of in-house testing tools and processes
  • Research information security trends, new testing techniques, and best practices, and share findings with the team
  • Perform red team activities

Qualifications:

  • 7 years of experience in application penetration testing
  • Financial services industry experience
  • Proficiency with application security best practices
  • Experience with markup languages and shell scripting

Knowledge and Skills Required:

  • Proven knowledge of the OWASP Top 10 and SANS Top 20
  • Proven knowledge of application security methodologies, policies, standards, and best practices
  • Ability to explain and articulate technical concepts using both technical and non-technical language
  • Critical thinking and analytical skills
  • Strong oral and written communication skills
  • Excellent organizational skills, coupled with the ability to be versatile and flexible
  • Sound business judgment and the ability to work successfully with all levels of management
  • Excellent grammar and style skills; ability to adapt writing style for different audiences and media