Security Tester
Disprz
Application Security Testing
- Perform manual and automated security testing of
- Web applications
- Mobile applications (Android/iOS)
- Microservices / Microfrontends
- Conduct
- OWASP Top 10 testing
- API security testing
- Business logic testing
- Authentication & authorization validation
- Session management testing
- File upload security testing
- Input validation testing
- Execute black-box, grey-box and white-box penetration tests.
- Identify exploitable vulnerabilities.
- Assess exploitability and business impact.
- Validate remediation effectiveness.
Validate Security Of Cloud-hosted Environments Including
- Identity & Access Management
- Secrets Management
- Storage Security
- Network Security Groups
- Kubernetes security
- Container security
- Serverless functions
- Cloud misconfiguration assessments
Partner With Engineering Teams To
- Review security requirements
- Review threat models
- Verify secure coding practices
- Validate security fixes
- Recommend design improvements
Integrate security testing into CI/CD pipelines by managing and optimizing:
- SAST
- DAST
- SCA (Software Composition Analysis)
- Container image scanning
- Secret scanning
- IaC scanning
- Verify vulnerabilities reported by scanners.
- Eliminate false positives.
- Prioritize findings using CVSS.
- Track remediation.
- Conduct regression testing.
Assess AI-enabled features for:
- Prompt Injection
- Jailbreak attempts
- Data leakage
- Insecure output handling
- Model abuse
- RAG vulnerabilities
- Sensitive information exposure
Support Security Initiatives Related To
- ISO 27001
- SOC 2
- GDPR
Automation
Develop Security Automation Scripts For
- Vulnerability validation
- API fuzzing
- Security regression
- Test data generation
- Security reporting
Security
Strong understanding of
- OWASP Top 10
- API Security Top 10
- Authentication mechanisms
- OAuth2
- OpenID Connect
- JWT
- Cryptography fundamentals
- Secure Session Management
- XSS
- CSRF
- SQL Injection
- SSRF
- XXE
- Deserialization attacks
- RCE
- Privilege Escalation
Hands-on experience with tools such as
- Burp Suite Professional
- OWASP ZAP
- Postman
- Nmap
- Metasploit
- Nessus
- Nikto
- SQLMap
- MobSF
- SonarQube
- Snyk
- Checkmarx
- Veracode
Working knowledge of at least one language
- Python
- Java
- C#
- JavaScript
Nice to Have
Experience with
- Kubernetes
- Docker
- Terraform
- GitHub Advanced Security
- CodeQL
- AI-assisted security testing
- LLM security
- Red Team exercises
- Bug bounty participation
- Capture The Flag (CTF)
- Bachelor's degree in Computer Science, Information Security, or related field.
- 4–8 years of experience in application security or security testing.
- Security certifications are desirable:
- OSCP
- OSWE
- CEH
- GWAPT
- CISSP (optional)