Job Title: Senior Web Application Penetration Testing Engineer
Company Name: Sony India Software Centre
Job Description
As a Senior Web Application Penetration Testing Engineer at Sony India Software Centre, you will be responsible for identifying and mitigating security vulnerabilities within web applications and services. You will conduct comprehensive penetration tests, vulnerability assessments, and security audits to ensure the integrity and security of our software products. Additionally, you will work closely with development teams to provide guidance on best security practices and support in the implementation of secure coding standards. Your expertise will help drive a culture of security awareness and foster secure development practices across the organization.
Key Responsibilities
- Experience of 8+ years is required. Work timings are 9AM-6PM.
- Conduct thorough penetration testing of web applications to identify security weaknesses.
- Operate a hands-on role involving penetration testing and vulnerability assessment activities of all types of applications, networks, Web services/APIs and mobile applications/devices.
- Perform vulnerability assessments and security audits of web applications and services.
- Analyze test results and create detailed reports on findings, vulnerabilities, and recommendations for remediation.
- Collaborate with software development teams to integrate security practices into the software development lifecycle (SDLC).
- Stay updated with the latest security threats, vulnerabilities, and industry trends to continuously improve testing methodologies.
- Provide training and support for development teams on secure coding practices and security measures.
- Assist in the development of security policies, standards, and guidelines for web applications.
- Work closely with the application development teams, technology teams and the other members of the Information Security team to identify and remediate security issues as part of Incident Response.
- Develop and maintain a formal reporting process highlighting results, conclusions, and recommendations that can be reviewed by peers and senior management.
- Ability to articulate risks and findings to management.
- Excellent communication skills both written and verbal.
- Critical thinking and good problem-solving abilities.
- Organized planning and time management skills are preferred.
Skills And Tools Required
- Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network.
- Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
- Strong knowledge of web application security vulnerabilities (e.g., OWASP Top Ten).
- Proficiency in penetration testing tools such as Burp Suite, OWASP ZAP, Metasploit, and others.
- Experience with web application frameworks and technologies (e.g., HTML, JavaScript, CSS, API security).
- Use manual techniques to exploit identified vulnerabilities such as cross-site scripting, SQL injection, session hijacking and buffer overflows to obtain controlled access to target systems.
- Perform exploit analysis for identified vulnerabilities manually, with custom scripts, or with tools such as Metasploit.
- Participate in multiple organizational areas such as security architecture and design, SAST, SCA, Pentesting and client communication.
- Experience in preparing a security threat model and associated test plans.
- Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results.
- In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred.
- Understanding of networking concepts and protocols (e.g., TCP/IP, HTTP/S).
- Ability to analyze and evaluate security design and implementation in web applications.
- Excellent communication skills to articulate security risks and recommendations to technical and non-technical stakeholders.
- Relevant certifications (e.g., CEH, OSCP, OSCP+) are preferred.
- Knowledge of current information security threats. Good understanding of coding best practices and standards.
This position offers an exciting opportunity to be at the forefront of web application security in a dynamic and innovative environment at Sony India Software Centre. If you are passionate about security and looking to make a significant impact, we encourage you to apply.