Education Qualification
Master's Degree - Marketing
EvinceDev (Evince Development) is looking for talented candidates who meet the requirements described here.
The following are brief points of the job requirements:
- Lead application security initiatives across web, mobile, API, and cloud platforms.
- Perform manual penetration testing and vulnerability assessments.
- Identify vulnerabilities such as IDOR, Broken Authentication, Injection, Security Misconfigurations, and related OWASP Top 10 risks.
- Collaborate closely with engineering teams for vulnerability remediation and secure coding implementation.
- Define and maintain security policies, security runbooks, and incident response procedures.
- Conduct threat modelling and security reviews for new product features and releases.
- Manage external security assessments and penetration testing engagements.
- Monitor cloud infrastructure security across AWS, Azure, or GCP environments.
- Ensure alignment with compliance standards such as PCI-DSS and privacy/security best practices.
- Build and maintain secure CI/CD pipelines using SAST, DAST, dependency scanning, and secret detection.
- Drive organization-wide security awareness and engineering collaboration.
- Participate in security architecture reviews and provide secure design recommendations.
- Mentor junior security team members and help scale the security function.
- Present security posture updates, risks, and recommendations to leadership teams.
- 5+ years of experience in Application Security, Penetration Testing, or Security Engineering. Strong hands-on experience in manual application security testing.
- Expertise in identifying OWASP Top 10 vulnerabilities across APIs and web applications. Strong understanding of REST APIs, authentication mechanisms, authorization flows, and secure session handling.
- Hands-on experience with Burp Suite Pro, OWASP ZAP, or equivalent security testing tools. Strong knowledge of secure coding practices and vulnerability remediation.
- Ability to read and understand application code in technologies such as Node.js, Python, PHP, or React Native.
- Experience with Linux environments and command-line security tooling. Understanding of CI/CD security practices and DevSecOps concepts.
- Ability to work independently and own security initiatives from planning to execution.
- Application Security Testing
- API Security Testing
- Penetration Testing
- OWASP Top 10 Security Standards
- Burp Suite Pro / OWASP ZAP
- Secure SDLC Practices
- SAST / DAST Implementation
- Vulnerability Assessment & Remediation
- Cloud Security (AWS / Azure / GCP)
- CI/CD Security Integration
- Secure Authentication & Authorization
- Linux Security Tooling
- OSCP (Offensive Security Certified Professional)
- CEH, PNPT, OSWE, CRTE, or equivalent certifications
- Mobile Application Security experience (iOS / Android)
- Experience with Frida, Objection, or mobile binary analysis tools
- Experience in Bug Bounty platforms such as HackerOne or Bugcrowd
- Exposure to PCI-DSS or payment security practices
- Experience building security functions in startups or product organizations
- Familiarity with DevSecOps tooling and infrastructure security automation
- Knowledge of privacy and compliance frameworks
- Exposure to container security and Kubernetes security practices