Description

Job Description:

  • We are seeking a skilled Application Penetration Tester to join our dynamic team.
  • As an Application Penetration Tester, you will be responsible for conducting thorough manual assessments of various applications and systems to identify and exploit vulnerabilities.
  • Your primary focus will be on web applications, internal applications, APIs, internal and external networks, and mobile applications.

Responsibilities:

  • Perform manual application penetration tests for clients on one or more of the following, and exploit the vulnerabilities found: web applications, internal applications, APIs, internal and external networks, and mobile applications.
  • Conduct manual penetration tests on a variety of applications and systems including web applications, internal applications, APIs, internal and external networks, and mobile applications.
  • Identify and exploit vulnerabilities in applications and systems to assess the security posture.
  • Perform in-depth analysis of vulnerabilities to determine their potential impact and provide recommendations for remediation.
  • Collaborate with cross-functional teams to ensure comprehensive security testing coverage.
  • Document findings, including detailed exploit chains and proof-of-concept demonstrations.
  • Stay up to date with the latest security trends, techniques, and tools.

Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • Proven experience in manual application penetration testing.
  • Strong understanding of web application architecture, protocols, and technologies (e.g., HTTP, HTML, JavaScript, AJAX).
  • Familiarity with various security testing tools such as Burp Suite, Metasploit, Nmap, etc.
  • Experience with scripting languages such as Python, Perl, or Bash.
  • Knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and exploitation techniques.
  • Experience with mobile application security testing is a plus.
  • Excellent communication skills with the ability to convey technical concepts to both technical and non-technical stakeholders.
  • Certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or similar are desirable.


 

Education

Any Graduate