Responsibilities:

- Join planning sessions and walkthroughs to understand scope and requirements.
- Map out how the application works by exploring it (both public and logged-in areas).
- Review the source code to spot potential risks.
- Record and analyse traffic between client and server using tools like proxies and sniffers.
- Run vulnerability scans using commercial, open-source, and proprietary tools.
- Manually check scan results to remove false positives.
- Analyse the application's code using static code analysers.
- Test for common security issues, such as:
  - Authentication & authorisation flaws
  - Session & configuration management weaknesses
  - Input validation & sensitive data handling issues
  - Cryptography & exception handling gaps

Requirements:

- At least 3 years in penetration testing.
- Manual exploitation of vulnerabilities following OWASP Top Ten standards.
- Practical experience finding and exploiting web app and API vulnerabilities (mainly manual testing ~90%, some automated testing ~10%).
- Strong experience in application security testing and secure code review.
- Hands-on experience with vulnerability scanners, static code analysers, and network sniffers.
- Knowledge of secure coding practices and how to detect vulnerabilities.
- Ability to work with global teams and deliver high quality work and standards.
- Attention to detail, documentation, and communication skills.