Key Responsibilities
- Perform security assessments for enterprise web, mobile (Android/iOS), and API applications.
- Conduct VAPT, penetration testing, and secure configuration reviews.
- Identify vulnerabilities including SQLi, XSS, IDOR, SSRF, authentication, authorization, and business logic flaws.
- Perform Android and iOS security testing including SSL Pinning Bypass, Root/Jailbreak Detection Bypass, Runtime Instrumentation, and Reverse Engineering.
- Conduct API security testing including OAuth, JWT, token validation, and access control testing.
- Work closely with development and DevSecOps teams to implement secure coding and remediation practices.
- Support Secure SDLC, threat modeling, and security design reviews.
- Prepare detailed VAPT reports and perform vulnerability retesting.
Key Requirements
Technical Expertise
- Strong experience in Enterprise Application Security.
- Hands-on expertise in Mobile Application Security (Android/iOS).
- Strong knowledge of OWASP Top 10 & OWASP MASVS.
- Hands-on experience with Burp Suite, Frida, MobSF, Jadx, Ghidra, OWASP ZAP, SQLMap, Nessus, and Nmap.
- Experience in Web, API, and Mobile Penetration Testing.
- Understanding of Secure SDLC and DevSecOps practices.
- Cloud Security knowledge (AWS/Azure/GCP) is preferred.
- Scripting knowledge in Python or Bash preferred.
Qualifications & Years of Experience
- Bachelor’s or Master’s degree in Computer Science, Cyber Security, Engineering, or related field.
- 4–8 years of experience in Application Security, VAPT, or Product Security roles.
- Prior experience in FinTech, Product-Based Companies, BFSI, or Enterprise Security environments preferred.
- Certifications such as CEH, OSCP, CAPen, CAPT, or CISSP are preferred.