This job offer is not available in your country.

VAPT Pentester / Web Application Security

NETSACH GLOBALBangalore, Karnataka, India

25 days ago

Job description

Greetings from Netsach - A Cyber Security Company.

We are looking for Web Application Security with 3 yrs of relevant experience and mandatory skills set are Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.

Job Title : Web Application Security

Exp : 3+ - 5yrs

Job Location : Bangalore

Job Type : Full-time

Interested candidates please share your resume at emily@netsach.co.in and netsachglobal.com

Job Description

1. Job Overview

The primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles / patterns / controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads / stakeholders.

2. Job Purpose

Primary / General Job Purpose :

Encourage Shift Left Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle
Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees
Assessments Perform security assessment and perform gap analysis to provide appropriate remediations to the teams for implementing the fixes.

Key Skills Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.

Tools and Technologies Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.

Experience with following Components :

3. Technical Requirements

Application Security Assessment Skillset

Web Application Security Owasp top 10 , CVSS etc

Security Code Review manual code review in Git etc

API Security Review Open shift, container review etc.

Database Security Requirements to enhance security on Database

Web Server Security Requirements to enhance security on the web server

Configuration Review has performed different configuration reviews and should have found good misconfigurations in the system.

Integration review How the application connects with different systems, performed security review on those integrations.

Transport Layer Security How communication channels are secured and understanding of the Transport layer security mechanisms and controls.

Soft Skills :

Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective

Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement good architecture principles to lower technical debt

Assertive personality; should be able to hold her / his own in a project board or work group setting

Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner

Ability to work under pressure and meet tough / challenging deadlines

Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not

Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint

Has strong decision making, planning and time management skills.

Can work independently.

Has a positive and constructive attitude.

4. Person Specifications

Specifications

Description of Knowledge / Skill etc.

Desirable or Essential

Education

General

Professional

Bachelors degree in a computer-related field such as computer science, cyber / information security discipline, physics, mathematics or similar

General Information Security : OSCP, CEH, CISM / CISA or similar

General Cloud Security : CCSK / CCSP or similar

Specific Cloud Security : Azure Security or similar

Network Security : CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

Experiences

Years & Type)

Industry

Regional

Functional

Must have minimum 3 years of experience in an information security function with good background in information technology, stakeholder management and people management

Knowledge & Skills

Technical

Functional

Managerial

Expert at the Web application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc.

Good understanding of Microservice based architecture (Technical)

Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection / detection & API / Micro services Security

Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST / SAST tools and building Evil Stories (Technical)

The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations.

The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards.

The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components.

The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer.

The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise

The Analyst / Engineer can understand and interpret potential issues found in source or compiled code

The Analyst / Engineer has automation skills / capability in the form of scripting or similar

The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures

Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and / or during agile ceremonies, via Evil Stories

Desirable

The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance

Desirable

The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams.

Desirable

The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and / or residual risks based on the assessment of such reports

Desirable

Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team.

Good negotiation skills will be desirable

Desirable

Must have good judgment skills to decide on an exception approval

Desirable

Ability to enforce improvements when necessary, using Influence rather than Policing measures

Desirable

Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders

Desirable

Knowledge of application of Agile methodologies / principles such as Scrum or Kanban

Desirable

Behavioral Competencies

Thinking Related

People Related

Self Related

Influencer / Security Evangelist for the Team / Squad

Positive & Constructive Attitude

Autonomous worker / Decision Maker

Good listener

Patient & Calm during stressful situations

High energy individual / Motivator

Win-Win Attitude

Hacker / Defense-In-Depth mindset

Analytical thinking

Team Player / Interpersonal Skills

Eye for detail

Persistent & Persuasive

Organized / Structured

Deadline oriented

Competent and committed

Peoples Person; understands stakeholder management

Empathetic

Passionate about architecting smart solutions

Innovator / Out of the box thinker

Collaborative Leadership style

Confident Presenter

Thank You

Emily Jha

emily@netsach.co.in

Netsach - A Cyber Security Company

www.netsachglobal.com

91 8050023824

Create a job alert for this search

Application Security • Bangalore, Karnataka, India

Related jobs

Promoted

Application Security Lead

Oak TitaniumBangalore, IN

Job Title : Application Security Lead .We are a rapidly growing cybersecurity firm delivering advanced security solutions to enterprises across the Middle East, Europe, and the United States.Our mis...Show moreLast updated: 16 days ago

Promoted

Offensive Security Researcher - VAPT

Globals Ites Pvt LtdBangalore

About the Job Role : We are seeking a skilled Offensive Security Researcher with 34 years of hands-on experience in penetration testing, red teami...Show moreLast updated: 30+ days ago

Security Operations Center Analyst

RingCentralBangalore, India

It’s not everyday that you consider starting a new career.We’re RingCentral, and we’re happy that someone as talented as you is considering this role. First, a little about us, we’re the global lead...Show moreLast updated: 10 days ago

Web Application Security Expert

AXA GroupBANGALORE EAST, INDIA, INDIA

Web Application Security Expert.Your role is to ensure that AXA XLs web applications are protected via the necessary security controls. This involves understanding our applications, their vulnerabil...Show moreLast updated: 30+ days ago

Technical Security - Vulnerability Assessment

PaytmINDIA

We are seeking a highly skilled and motivated Technical Security Professional specializing in Vulnerability Assessment and Penetration Testing (VAPT), Source Code Review, API Security, and Web Appl...Show moreLast updated: 30+ days ago

Promoted

Web Application Architect

RelantoBengaluru, Karnataka, India

Job Title : Web Application Architect – Agentic AI.Location : Bangalore, Hyderabad, Pune.We are looking for a highly skilled. This is a client-facing, solution-oriented role where you will lead the ar...Show moreLast updated: 9 days ago

Promoted

VAPT

Tata Consultancy ServicesBengaluru, Karnataka, India

Location : Walkin Interview on 14th June 2025 at below Locations.Tata Consultancy Services, Think Campus, JRD Auditorium Cafteria, Electronic City, Bangalore. Tata Consultancy Services, Sahyadri Par...Show moreLast updated: 24 days ago

Senior Information Security Engineer - VAPT, Thick client application

ZscalerINDIA

Serving thousands of enterprise customers around the world including 40 PERCENT of Fortune 500 companies, Zscaler (NASDAQ : ZS) was founded in 2007 with a mission to make the cloud a safe place to ...Show moreLast updated: 30+ days ago

Promoted

Web Application Developer

VerventBengaluru, IN

The Web Application Full Stack Developer will be responsible for developing the Web module feature implementation for Financial Technology applications and needs to works on both the front-end and ...Show moreLast updated: 16 days ago

Principal Security Pentester - OASE

OracleBENGALURU, KARNATAKA, India

Oracle Analytics organization plays a meaningful role in delivering and supporting best-of-breed cloud solutions to Oracle customers. The Service Excellence team at Oracle Analytics is on the verge ...Show moreLast updated: 16 days ago

VAPT Pentester / Web Application Security

Netsach GlobalBangalore, Karnataka, India

Greetings from Netsach - A Cyber Security Company.We are looking for Web Application Security with 3 yrs of relevant experience and mandatory skills set are Web Application Security Security Code r...Show moreLast updated: 1 day ago

Senior Security Engineer - CREST - CPSA, CRT

CBL - Crossbow LabsBengaluru, KA, in

Quick Apply

Perform Web Application PT, Mobile Application PT, Network VAPT, Source code review, Wireless pen-testing.Write detailed reports on VAPT findings. Perform and present research on various attack vect...Show moreLast updated: 30+ days ago

Promoted

ColorTokens - VAPT Engineer - Cyber Security

ColortokensBangalore

About ColorTokens : At ColorTokens, we empower businesses to stay operational and resilient in an increasingly complex cybersecurity landscape.Breaches happenbut wit...Show moreLast updated: 15 days ago

Promoted
New!

Application Security Engineer

TELUS DigitalBengaluru, IN

We are a Digital Customer Experience organization, with a comprehensive coverage of IT Services from Traditional Services to Next Gen Digital Services. At TELUS Digital, we focus on lean, agile, hum...Show moreLast updated: 15 hours ago

Promoted

Cadence Design Systems - Senior Information Security Analyst - VAPT

CadenceBangalore

At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology.Information Security Analyst Grade : IT...Show moreLast updated: 23 days ago

Promoted

VAPT - OSCP Certified

Cubical Operations LLPBangalore, IN

VAPT Consultant / SCON / DM / M / SM / AD.Gurgaon, Delhi NCR (Work from Office).We are seeking a highly skilled and motivated. Vulnerability Assessment and Penetration Testing.The ideal candidate must h...Show moreLast updated: 9 days ago

Promoted

Senior Security Engineer

VIDPRO CONSULTANCY SERVICESBangalore

KEY RESPONSIBILITIES : - Perform Web Application PT, Mobile Application PT, Network VAPT, Source code review, Wireless pen-testi...Show moreLast updated: 27 days ago

Algotale-Infosec Engineer

NexthireBangalore, India

We are seeking an Application Security Engineer to perform vulnerability assessments and penetration testing on web integrations, web application and mobile applications.Responsibilities ...Show moreLast updated: 30+ days ago