Application Security Tester

Position Overview

The position will report to the Head of Application Security and work in collaboration with the application development teams. The position will be accountable for application security testing of corporate built applications, including but not limited to DAST, SAST, SCA, security unit testing, and security functional testing. The individual will be directly responsible for DAST, SAST, and SCA. The individual will partner with the application development and testing teams to assist with security unit testing and functional unit testing based on security requirements.

Job Responsibilities

• Oversee security testing activities to measure the effectiveness of security controls, including penetration testing, vulnerability scanning, and security assessments.
• Ensure application security testing findings are recorded in defect tracking systems.
• Provide guidance to application development and testing teams to build unit and functional test cases to validate, including penetration testing, vulnerability scanning, and security assessments requirements.
• Perform security code reviews to identify and remediate security vulnerabilities in application code. Look for common security flaws such as injection attacks, cross-site scripting (XSS), and insecure configurations.
• Provide guidance and training to development teams on secure coding practices, security principles, and relevant security tools and technologies.
• Evaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processes.

Qualifications

Required

• Bachelor’s degree in cyber security (or) related degree and experience.
• Five or more years’ experience in Cyber Security.
• Two or more years’ experience in SAST or DAST testing tools.
• Two or more years’ experience in vulnerability scanning tools.
• Understanding of API and Web security vulnerabilities.
• Familiarity with OWASP Top 10 API, Web and Mobile Application Security Risks.
• Strong verbal and written communications skills.
• Strong Customer service skills.
• Experience working with application security testing tools (e.g., Burp Suite ZAP, or similar).

Preferred

• Experience in unit testing.
• Experience in functional testing.
• Experience with software testing automation.
• Experience with WAF.
• Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or GIAC Penetration Tester (GPEN) or other relevant certifications.
• Familiarity with regulatory controls and industry best practices such as HIPAA, PCI, CIS, HiTrust, ISO 27001, NIST, etc.)