Talent.com
This job offer is not available in your country.
VAPT Pentester / Web Application Security

VAPT Pentester / Web Application Security

NETSACH GLOBALbangalore, India
7 hours ago
Job description

Greetings from Netsach - A Cyber Security Company.

We are looking for Web Application Security with 3 yrs of relevant experience and mandatory skills set are Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.

Job Title : Web Application Security

Exp : 3+ - 5yrs

Job Location : Bangalore

Job Type : Full-time

Interested candidates please share your resume at and netsachglobal.com

Job Description

1. Job Overview

The primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles / patterns / controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads / stakeholders.

2. Job Purpose

Primary / General Job Purpose :

  • Encourage Shift Left Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle
  • Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees
  • Assessments Perform security assessment and perform gap analysis to provide appropriate remediations to the teams for implementing the fixes.

Key Skills Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.

  • Tools and Technologies Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.

    • Experience with following Components :

    3. Technical Requirements

    Application Security Assessment Skillset

  • Web Application Security Owasp top 10 , CVSS etc
  • Security Code Review manual code review in Git etc
  • API Security Review Open shift, container review etc.
  • Database Security Requirements to enhance security on Database
  • Web Server Security Requirements to enhance security on the web server
  • Configuration Review has performed different configuration reviews and should have found good misconfigurations in the system.
  • Integration review How the application connects with different systems, performed security review on those integrations.
  • Transport Layer Security How communication channels are secured and understanding of the Transport layer security mechanisms and controls.

    • Soft Skills :

  • Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
  • Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement good architecture principles to lower technical debt
  • Assertive personality; should be able to hold her / his own in a project board or work group setting
  • Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner
  • Ability to work under pressure and meet tough / challenging deadlines
  • Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not
  • Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint
  • Has strong decision making, planning and time management skills.
  • Can work independently.
  • Has a positive and constructive attitude.

    • 4. Person Specifications

    Specifications

    Description of Knowledge / Skill etc.

    Desirable or Essential

  • Education
  • General
  • Professional

    • Bachelors degree in a computer-related field such as computer science, cyber / information security discipline, physics, mathematics or similar

  • General Information Security : OSCP, CEH, CISM / CISA or similar
  • General Cloud Security : CCSK / CCSP or similar
  • Specific Cloud Security : Azure Security or similar
  • Network Security : CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist
  • Experiences

    • (Years & Type)

  • Industry
  • Regional
  • Functional

    • Must have minimum 3 years of experience in an information security function with good background in information technology, stakeholder management and people management

  • Knowledge & Skills
  • Technical
  • Functional
  • Managerial

    • Expert at the Web application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc.

    Good understanding of Microservice based architecture (Technical)

    Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection / detection & API / Micro services Security

    Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST / SAST tools and building Evil Stories (Technical)

    The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations.

    The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards.

    The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components.

    The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer.

    The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise

    The Analyst / Engineer can understand and interpret potential issues found in source or compiled code

    The Analyst / Engineer has automation skills / capability in the form of scripting or similar

    The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures

    Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and / or during agile ceremonies, via Evil Stories

    Desirable

    The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance

    Desirable

    The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams.

    Desirable

    The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and / or residual risks based on the assessment of such reports

    Desirable

    Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team.

    Good negotiation skills will be desirable

    Desirable

    Must have good judgment skills to decide on an exception approval

    Desirable

    Ability to enforce improvements when necessary, using Influence rather than Policing measures

    Desirable

    Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders

    Desirable

    Knowledge of application of Agile methodologies / principles such as Scrum or Kanban

    Desirable

  • Behavioral Competencies
  • Thinking Related
  • People Related
  • Self Related
  • Influencer / Security Evangelist for the Team / Squad
  • Positive & Constructive Attitude
  • Autonomous worker / Decision Maker
  • Good listener
  • Patient & Calm during stressful situations
  • High energy individual / Motivator
  • Win-Win Attitude
  • Hacker / Defense-In-Depth mindset
  • Analytical thinking
  • Team Player / Interpersonal Skills
  • Eye for detail
  • Persistent & Persuasive
  • Organized / Structured
  • Deadline oriented
  • Competent and committed
  • Peoples Person; understands stakeholder management
  • Empathetic
  • Passionate about architecting smart solutions
  • Innovator / Out of the box thinker
  • Collaborative Leadership style
  • Confident Presenter

    • Thank You

    Emily Jha

    Netsach - A Cyber Security Company

    Create a job alert for this search

    Application Security • bangalore, India

    Related jobs
    • Promoted
    Aircraft Propulsion Systems Architect

    Aircraft Propulsion Systems Architect

    HCLTechDevanahalli, Karnataka, India
    September, 2025,Saturday (9AM-2PM).Cessna Business park, Kaverappa Layout, Kadubeesanahalli, Bengaluru, Karnataka 560103. Aircraft Propulsion Systems Architect for Engine Nacelles.Full lifecycle dev...Show moreLast updated: 8 days ago
    • Promoted
    • New!
    Pentester / Mobile Application Security

    Pentester / Mobile Application Security

    NETSACH GLOBALbangalore, India
    Greetings from Netsach - A Cyber Security Company.We are looking for Mobile Application Security with 3 yrs of relevant experience and mandatory skills set are Web and Mobile Application Security, ...Show moreLast updated: 7 hours ago
    • Promoted
    Application Security Engineer - Penetration Testing

    Application Security Engineer - Penetration Testing

    Coders Brain Technology Private LimitedBangalore
    Were Hiring : WebPTP1 - Consultant Location : Bangalore / Pune Experience : 4-8 Years Salary : As per market standard&...Show moreLast updated: 30+ days ago
    • Promoted
    Penetration Tester

    Penetration Tester

    Staffington GlobalBengaluru, Karnataka, India
    Duties and Responsibilities : o Looking atleast 8+ Years of experience in Penetration Testing.Conduct penetration tests on a wide range of digital products, including networks, web, and mobile appli...Show moreLast updated: 1 day ago
    • Promoted
    Senior Quality Assurance Automation Engineer

    Senior Quality Assurance Automation Engineer

    Andor TechBangalore Rural, Karnataka, India
    Location : Work From Office (5 Days).We are seeking a skilled QA / Automation Engineer with hands-on experience in API, Web, Desktop, and Mobile application testing. The candidate should have strong au...Show moreLast updated: 8 days ago
    • Promoted
    RMS Technical Expert - OSAT

    RMS Technical Expert - OSAT

    Tata ElectronicsKolar, Karnataka, India
    The RMS Technical Expert will be responsible for the design, deployment, and optimization of Reliability Monitoring Systems in an OSAT (Outsourced Semiconductor Assembly & Test) manufacturing envir...Show moreLast updated: 8 days ago
    • Promoted
    MEP Project Manager

    MEP Project Manager

    Exide Energy Solutions LtdDevanahalli, Karnataka, India
    Exide Energy Solutions Limited (EESL) is one of the fastest growing companies who has vision to solve social issues regarding energy, environment, resource, etc with producing lithium-ion battery p...Show moreLast updated: 8 days ago
    • Promoted
    • New!
    Penetration Tester / Application Security Analyst

    Penetration Tester / Application Security Analyst

    CGIbangalore, India
    We are seeking a skilled and detail-oriented Penetration Tester to join our cybersecurity team.This role involves performing manual security assessments across web, mobile, API, and network environ...Show moreLast updated: 7 hours ago
    • Promoted
    Penetration Tester - Application Security

    Penetration Tester - Application Security

    Kezan ConsultingBangalore
    Job Specification Role : WebPT P1 Consultant (Immediate Joiner only can apply) Experience : 4-8 Years Location : Bangalore / P...Show moreLast updated: 30+ days ago
    • Promoted
    Penetration Tester - Cyber Security

    Penetration Tester - Cyber Security

    Go Digit General Insurance LimitedBangalore
    Job Description : We are looking for a skilled Penetration Tester with 5 - 8 years of experience in application security...Show moreLast updated: 14 days ago
    • Promoted
    Senior Penetration Tester

    Senior Penetration Tester

    AppSecure SecurityBangalore Urban, Karnataka, India
    Appsecure is a leading offensive cybersecurity and red-team services company trusted by Fortune 500s, high-growth startups, and global enterprises. Our team consists of top bug bounty hunters, seaso...Show moreLast updated: 6 days ago
    • Promoted
    Automation testing-Python with Robot framework

    Automation testing-Python with Robot framework

    Tata Consultancy ServicesBangalore Rural, Karnataka, India
    TCS is looking for Automation testing-Python with Robot framework.Education : Minimum 15 years of full-time education (10th, 12th and Graduation). Responsible for Designing, Developing and executing ...Show moreLast updated: 8 days ago
    • Promoted
    FACULTY – Computer Science Engineering

    FACULTY – Computer Science Engineering

    GITAM Deemed UniversityDodda Ballapur, Karnataka, India
    Faculty Recruitment – Computer Science Engineering | GITAM (Deemed to be University), Bengaluru Campus.Department of Computer Science Engineering at GITAM. Algorithms, Complexity, Graph Theory, Form...Show moreLast updated: 4 days ago
    • Promoted
    • New!
    Web Application Security Consultant (WebPT P1)

    Web Application Security Consultant (WebPT P1)

    MK IT Solutionsbangalore, India
    Position 1 : WebPT P1 - Consultant.Hybrid (3 times in office per week).Perform automated testing of running applications and static code (SAST, DAST). Perform manual application penetration tests on ...Show moreLast updated: 7 hours ago
    • Promoted
    Penetration Tester | Work from Office | Bangalore | 5 days |

    Penetration Tester | Work from Office | Bangalore | 5 days |

    UtthungaBengaluru, Karnataka, India
    Penetration Tester, Pen Tester, Cyber security.Test and operate security controls for various applications in compliance with the prescribed cybersecurity standards in place.Collaborate with softwa...Show moreLast updated: 27 days ago
    • Promoted
    Security Technology Lifecycle Analyst

    Security Technology Lifecycle Analyst

    HR PLACEMENT CONSULTANTS (HRPC)Bangalore Rural, Karnataka, India
    Position - Analyst - Security Technology Lifecycle Analyst.Job Type - Full-time (Third party payroll •).The Security Technology Lifecycle Analyst plays a critical role in supporting the Corporate Se...Show moreLast updated: 21 days ago
    • Promoted
    MES Technical Developer

    MES Technical Developer

    Tata ElectronicsKolar, Karnataka, India
    We are looking for an experienced.Senior MES Technical Developer.Siemens Opcenter Execution (formerly Camstar).MES solutions tailored for high-tech electronics or semiconductor manufacturing.MES wo...Show moreLast updated: 8 days ago
    • Promoted
    Firmware Engineer – IoT Gateway Development

    Firmware Engineer – IoT Gateway Development

    Capgemini EngineeringBangalore Rural, Karnataka, India
    Firmware Engineer – IoT Gateway Development.Bachelor’s or Master’s degree in.Electronics & Communication Engineering.As a Firmware Engineer, you’ll contribute to embedded application development in...Show moreLast updated: 27 days ago