Application Security Penetration Tester
Responsibilities
- Perform Vulnerability Assessment and Penetration Testing (VAPT) on web applications, mobile applications, and APIs.
- Conduct manual and automated penetration testing to identify, validate, and assess security vulnerabilities.
- Assess applications against the OWASP Top 10, OWASP API Security Top 10, and other industry-recognised security standards.
- Identify common web application vulnerabilities, including authentication, authorization, session management, input validation, and API security weaknesses.
- Validate vulnerability findings, eliminate false positives, and assess business impact and risk exposure.
- Perform re-testing to verify remediation and closure of identified security issues.
- Prepare comprehensive technical reports detailing vulnerabilities, risk ratings, proof of concept, and remediation recommendations.
- Present security findings to development, DevSecOps, and security stakeholders, providing guidance on mitigation strategies.
- Collaborate with application development teams to improve secure coding practices and application security throughout the software development lifecycle.
- Stay current with emerging attack techniques, vulnerabilities, security tools, and industry best practices.
Required Skills
- Bachelor's Degree in Computer Science, Cybersecurity, Information Security, or a related discipline.
- Minimum 3 years of hands-on experience in Application Security Penetration Testing or Vulnerability Assessment and Penetration Testing (VAPT).
- Strong knowledge of OWASP Top 10, OWASP API Security Top 10, and common web application attack vectors.
- Hands-on experience with penetration testing tools such as Burp Suite, OWASP ZAP, Nessus, Qualys, Nmap, SQLMap, Metasploit, or equivalent.
- Experience performing both manual and automated penetration testing.
- Good understanding of HTTP/HTTPS, RESTful APIs, authentication mechanisms, session management, and secure coding principles.
- Experience interpreting vulnerability findings and recommending practical remediation solutions.
- Strong analytical, troubleshooting, and technical report-writing skills.
- Excellent communication and stakeholder management skills.
Preferred Skills
- Experience testing cloud-hosted applications and containerized environments.
- Familiarity with secure Software Development Lifecycle (SSDLC), DevSecOps practices, and CI/CD pipelines.
- Knowledge of cloud security principles across AWS, Microsoft Azure, or Google Cloud Platform (GCP).
- Experience using source code security testing tools and dynamic application security testing solutions.
Certifications
- Mandatory: CREST Certified (CRT, CCT APP, or equivalent CREST Penetration Testing certification).
- Preferred: Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), or CompTIA PenTest+.
Application Note
- Interested applicants may send their CV directly to shyam@aryan-solutions.com for consideration.
Additional Information
Role Overview
We are seeking an experienced Application Security Penetration Tester to conduct Vulnerability Assessment and Penetration Testing (VAPT) across web applications, mobile applications, and APIs. This role is responsible for identifying security vulnerabilities through both manual and automated testing, validating remediation efforts, and providing actionable recommendations to strengthen application security. The ideal candidate will have strong technical expertise in penetration testing methodologies, application security, and vulnerability assessment, with the ability to communicate technical findings effectively to development and security teams.