Pen Tester

Job Description

Job Description

Job Description : Key Responsibilities

Conduct manual and automated penetration testing of web applications, APIs, and related infrastructure.

Identify, document, and exploit security vulnerabilities such as SQL injection, cross-site scripting (XSS), authentication flaws, and business logic issues.

Perform source code reviews to identify security flaws in web applications.

Use industry-standard tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Kali Linux, and SAST / DAST tools.

Develop and execute custom scripts and exploits to validate security weaknesses.

Collaborate with development and DevSecOps teams to provide secure coding recommendations and remediation guidance.

Generate detailed reports with findings, risk assessments, and actionable remediation steps for technical and non-technical stakeholders.

Stay up to date with the latest web security trends, vulnerabilities, and attack techniques.

Perform retesting of vulnerabilities after remediation efforts.

Assist in threat modeling and risk assessments for web applications.

Tools & Technologies

The candidate should be proficient in using the following tools and technologies for web application penetration testing :

Web Application Security Testing Tools :

Burp Suite (Pro & Community)

WebInspect

Network & Reconnaissance Tools :

Nmap

Masscan

Amass

Subfinder / Assetfinder

Shodan / Censys

Exploitation & Attack Tools :

SQLmap (SQL injection testing), Metasploit Framework,

Scripting & Automation :

Python / Bash / PowerShell

JavaScript (for DOM-based attacks and exploitation)

Postman / REST API testing tools

Code Analysis & Debugging :

Source Code Review (Java, .NET, Python, JavaScript, etc.)

Static Analysis Tools (SAST) SonarQube, Snyk, Fortify

Dynamic Analysis Tools (DAST) : Acunetix,

Cloud & Container Security :

AWS Security Tools (Pacu, ScoutSuite, Prowler)

Docker Security Testing (Trivy, Dockle)

Kubernetes Security Testing (Kube-hunter, Kube-bench)

Qualifications & Skills

Technical Skills :

Deep understanding of OWASP Top 10 vulnerabilities and web security principles.

Proficiency in HTTP / HTTPS protocols, authentication mechanisms, session management, and API security.

Experience with scripting (Python, Bash, PowerShell, JavaScript) for automation and exploit development.

Familiarity with Cloud Security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus.

Knowledge of Secure Software Development Life Cycle (SDLC) practices.

Certifications (Preferred but Not Required) :

OSCP (Offensive Security Certified Professional)

GWAPT (GIAC Web Application Penetration Tester)

CPT (Certified Penetration Tester)

CEH (Certified Ethical Hacker)

Experience & Education :

Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).

2-5 years of experience in web application security, penetration testing, or ethical hacking