H

Walk-in || Application Security Analyst

Happiest Minds Technologies · Bengaluru, Karnataka, India

2–8 yrs experiencefull_timePosted 3w ago
Apply now →

Job description

**Job Title:** Lead - Application Security & Penetration Testing **Location:** Bangalore **Experience:** 710 years (minimum 5 years in Application Security and Penetration Testing) **Overview** We are seeking a seasoned professional to lead and deliver comprehensive application and API security assessment services for our clients, including web application penetration testing, API security testing, remediation advisory, and retesting. The role involves managing dynamic and grey box testing methodologies, reporting, and remediation processes aligned with industry standards such as OWASP, SANS, CREST, and NIST. As a Lead, you will oversee engagements, ensure quality delivery, and work closely with stakeholders to mitigate risks effectively. **Responsibilities:** - Application Penetration Testing: - Automation of security controls in CI/CD and security validation and testing: SAST, DAST, IAST, SCA. - Conduct comprehensive grey box penetration testing for web applications. - Perform security assessments targeting application business logic vulnerabilities in addition to OWASP standards. - Assess and test critical areas such as: - Authentication, session management, and authorization mechanisms. - Client-side controls, access controls, encryption, and shared hosting vulnerabilities. - Web server vulnerabilities, input-based vulnerabilities (e.g., SQL Injection, XSS, Path Traversal), and business logic flaws. - Profile applications, identify attack surfaces, and conduct both automated and manual vulnerability detection. - Provide detailed findings in CVSS v3 scoring format, along with tailored mitigation recommendations. - API Security Testing - Conduct API penetration testing using grey box approaches, covering presentation, security, discovery, access, and transport layers. - Test for API-specific vulnerabilities such as parameter tampering, malformed XML, SQL/XPath injection, authentication attacks, replay attacks, and privilege escalation. - Assess security specifications including X.509, SAML, and security token implementations. - Vulnerability Management & Remediation Advisory - Deliver remediation consultation to client teams, guiding developers on mitigating identified vulnerabilities. - Collaborate with stakeholders to validate findings and present technical accuracy reports. - Conduct retests post-remediation to ensure closure of vulnerabilities within stipulated timelines. - Team Leadership & Stakeholder Collaboration - Lead a team of security consultants, providing mentorship and ensuring quality delivery. - Act as a point of contact for clients to discuss findings, mitigations, and risk management strategies. - Present reports to stakeholders and provide insights for managing technology risks. - Standards and Tools - Ensure adherence to security standards such as OWASP, SANS, CREST, and NIST during assessments. - Proficiently use tools like Burp Suite, Nessus, nmap, and other commercial/open-source tools for automated scanning and vulnerability detection. **Required Skills & Qualifications** - Bachelor’s degree in Computer Science, Information Security, or a related field. - Relevant certifications (e.g., CEH, OSCP, GWAPT, CISSP) are highly desirable. - In-depth knowledge of application and API security testing methodologies. - Hands-on experience with both automated and manual testing techniques. - Proficiency in vulnerability management, risk mitigation, and technical reporting. - Strong communication and presentation skills, with the ability to engage with technical and non-technical stakeholders. - Experience leading teams and managing end-to-end delivery of security assessment projects. - Experience with shared hosting or multi-tenant environments. - Familiarity with DevSecOps and integrating security testing into CI/CD pipelines. - Knowledge of security testing for thick clients, SOAP, WSDL, and XML-based services. - Exposure to content-level attacks, replay attacks, and advanced web server configurations. **Other skills** - Be a team player with good communication and interpersonal skills. - Collaborate with stakeholders to address security concerns proactively. - Strong analytical and problem-solving skills. - Strong drive to excel professionally, and to guide and motivate others. - Proactive, dedicated, innovative, resourceful, and able to work under pressure. - Excellent written and verbal communication skills in English, with the ability to present ideas and results to technical and non-technical audiences.