About the job
Role: Application Security Testing Specialist
We are seeking an Application Security Testing Specialist to support a high-profile
engagement with a client renowned for their rigorous standards and commitment to quality.
This role will involve comprehensive end-to-end security testing of applications, using both
automated and manual techniques across multiple environments.
Key Responsibilities
Pre-Testing Activities: Participate in planning sessions and walkthroughs to align on scope, methodology, and expectations.
Testing Execution
Application Mapping: Build a detailed functionality map by crawling and exploring both public-facing and authenticated areas of the application. Capture and analyse requests and responses using local proxy tools and network sniffers.
Automated Scanning: Conduct vulnerability scans using commercial, open-source, and proprietary tools. Validate and refine scan results through manual analysis to eliminate false positives.
Source Code Review: Perform static code analysis with source code scanning tools to detect security flaws. Apply control flow and dataflow analysis, focusing on common vulnerability areas such as:
• Authentication & Authorisation
• Session & Configuration Management
• Input Validation & Data Handling
• Cryptography & Exception Handling
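The control flow and dataflow analysis named under Source Code Review, shown as an added example (not code from the posting, the client, or any product): a minimal intra-procedural taint tracker over Python ASTs that marks data from a source (user input), follows it through assignments and string building, drops it at a sanitiser, tracks each if/else branch separately, and reports any sink it reaches. The source, sink and sanitiser tables, the sample function under review and all names are assumptions constructed for the illustration.

```python
"""Minimal taint (dataflow) analysis over Python source, added as an
illustration of the source-review task; not a production tool."""
import ast

# Hypothetical source/sink/sanitiser tables (assumptions for the example).
SOURCES = {"request.args.get", "request.form.get", "input"}
SINKS = {"cursor.execute", "os.system", "subprocess.call"}
SANITISERS = {"int", "escape"}


def _call_name(node: ast.Call) -> str:
    """Render a call's callee as dotted text, e.g. 'request.args.get'."""
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def _is_tainted(expr: ast.AST, tainted: set) -> bool:
    """Dataflow rule: an expression is tainted if it calls a source, reads a
    tainted name, or is built from tainted parts without a sanitiser."""
    if isinstance(expr, ast.Call):
        name = _call_name(expr)
        if name in SOURCES:
            return True
        if name in SANITISERS:
            return False  # sanitiser kills taint on its arguments
        if isinstance(expr.func, ast.Attribute) and _is_tainted(expr.func.value, tainted):
            return True  # method call on tainted data, e.g. uid.strip()
        return any(_is_tainted(a, tainted) for a in expr.args)
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.JoinedStr):  # f-strings
        return any(_is_tainted(v.value, tainted)
                   for v in expr.values if isinstance(v, ast.FormattedValue))
    if isinstance(expr, ast.BinOp):  # "..." % x, "..." + x
        return _is_tainted(expr.left, tainted) or _is_tainted(expr.right, tainted)
    return False


def _walk(stmts, tainted: set, findings: list) -> None:
    """Control-flow-aware walk: each if/else branch analyses its own copy of
    the taint set; the copies are merged (union) at the join point."""
    for stmt in stmts:
        if isinstance(stmt, ast.Assign):
            t = _is_tainted(stmt.value, tainted)
            for target in stmt.targets:
                if isinstance(target, ast.Name):
                    (tainted.add if t else tainted.discard)(target.id)
        elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            call = stmt.value
            if _call_name(call) in SINKS and any(_is_tainted(a, tainted) for a in call.args):
                findings.append((stmt.lineno, _call_name(call)))
        elif isinstance(stmt, ast.If):
            then_set, else_set = set(tainted), set(tainted)
            _walk(stmt.body, then_set, findings)
            _walk(stmt.orelse, else_set, findings)
            tainted.clear()
            tainted.update(then_set | else_set)
        elif isinstance(stmt, ast.FunctionDef):
            _walk(stmt.body, set(), findings)  # fresh scope per function


def find_taint_flows(source: str):
    """Return [(line, sink)] for every sink reached by unsanitised source data."""
    findings = []
    _walk(ast.parse(source).body, set(), findings)
    return findings


# Constructed sample under review (illustrative, not real client code).
SAMPLE = '''
def lookup(request, cursor):
    uid = request.args.get("id")
    if uid.isdigit():
        safe = int(uid)
        cursor.execute("SELECT * FROM users WHERE id = %s" % safe)
    else:
        cursor.execute("SELECT * FROM users WHERE id = '%s'" % uid)
    name = request.form.get("name")
    os.system(f"getent passwd {name}")
'''

if __name__ == "__main__":
    for line, sink in find_taint_flows(SAMPLE):
        print(f"line {line}: tainted data reaches {sink}")
```

On the sample the analyser reports the else-branch SQL sink (line 8) and the command sink (line 10) but not the then-branch query, because the int() sanitiser cleared the taint on that path; that branch sensitivity is the difference between a control-flow-aware review and a plain grep for sink names. A real review would extend the tables, follow data across function calls and containers, and check that each sanitiser actually neutralises the sink's injection class.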
Key Skills
• Proven expertise in application security testing and secure code review.
• Proficiency with vulnerability scanners, static code analysers, and network sniffers.
• Strong knowledge of secure coding practices and vulnerability exploitation techniques.
• Ability to work effectively with global teams and manage high-stakes client relationships.
• Excellent attention to detail, documentation, and communication skills.
Required Experience
• Minimum 3 years' penetration testing experience.
• Hands-on expertise in manual exploitation of vulnerabilities (aligned with OWASP Top Ten).
• Strong track record in identifying and exploiting web application and API vulnerabilities, with emphasis on manual testing (90%) supported by automated tools (10%).