Experience – Lead – 6+ years & ATA – 9+ years
Security testing – Key Responsibilities:
Security Testing:
1. Conduct regular penetration tests across web, mobile, and API applications to identify vulnerabilities.
2. Perform manual and automated security testing based on OWASP standards.
3. Test for vulnerabilities such as SQL Injection, XSS, CSRF, and other OWASP Top 10 risks.
Threat Identification & Mitigation:
1. Continuously monitor systems for potential threats and vulnerabilities.
2. Respond to and act on security alerts in real time to mitigate risks.
3. Implement proactive measures to safeguard against emerging threats.
Collaboration and Education:
1. Partner with DevOps, development, and infrastructure teams to integrate security into the Software Development Lifecycle (SDLC).
2. Provide guidance and training to internal teams on security best practices and awareness.
3. Report findings and recommendations to stakeholders in a clear and actionable format.
Tool Management and Automation:
1. Use tools such as Burp Suite, Nessus, Metasploit, OWASP ZAP, and other security testing solutions.
2. Automate repetitive security testing tasks for scalability and efficiency.
3. Stay updated on emerging security tools and trends to enhance the organization’s capabilities.
Reporting and Documentation:
1. Document security incidents, testing results, and remediation actions.
2. Create comprehensive reports for technical and non-technical stakeholders, highlighting risks and recommendations.
Technical Skills:
1. Expertise in SQL Injection testing, XSS, and vulnerability assessment techniques.
2. Familiarity with scripting languages (Python, Bash, PowerShell) and their use in security automation.
3. Proficiency with network security concepts, firewalls, IDS/IPS, and cloud security (AWS, Azure, GCP).