Responsibilities:
* Join planning sessions and walkthroughs to understand scope and requirements.
* Map out how the application works by exploring it (both public and logged-in areas).
* Review the source code to spot potential risks.
* Record and analyse traffic between client and server using tools like proxies and sniffers.
* Run vulnerability scans using commercial, open-source, and proprietary tools.
* Manually check scan results to remove false positives.
* Analyse the application's code using static code analysers.
* Test for common security issues, such as:
  * Authentication & authorisation flaws
  * Session & configuration management weaknesses
  * Input validation & sensitive data handling issues
  * Cryptography & exception handling gaps

Requirements:
* At least 3 years in penetration testing.
* Manual exploitation of vulnerabilities following OWASP Top Ten standards.
* Practical experience finding and exploiting web app and API vulnerabilities (mainly manual testing, ~90%, with some automated testing, ~10%).
* Strong experience in application security testing and secure code review.
* Hands-on experience with vulnerability scanners, static code analysers, and network sniffers.
* Knowledge of secure coding practices and how to detect vulnerabilities.
* Ability to work with global teams and deliver high-quality work to a high standard.
* Attention to detail, documentation, and communication skills.