Key Responsibilities
- Perform continuous security testing of web applications and REST APIs during development, testing, and pre-release phases
- Conduct manual and automated application security testing to identify vulnerabilities
- Review application logic related to authentication, authorization, session management, and input validation
- Collaborate directly with developers to explain security findings and recommend effective remediation strategies
- Track security issues from discovery through remediation using internal ticketing or tracking systems
- Support production incident investigations, root cause analysis, and post-incident reviews
- Assist in improving secure development practices and early-stage security reviews
- Prepare clear and actionable security documentation and reports for engineering teams
- Help maintain alignment with common application security standards and best practices
Required Skills & Qualifications
- 35 years of hands-on experience in application security or cybersecurity roles
- Strong understanding of web application and API security concepts
- Experience with vulnerability assessment and triage
- Working knowledge of secure code review principles
- Familiarity with OWASP Top 10 vulnerabilities
- Experience using security testing tools such as:
  - Burp Suite
  - OWASP ZAP
  - Nessus or OpenVAS
- Basic scripting or programming knowledge (Python and/or JavaScript preferred)
- Understanding of incident response basics and log analysis