Security Tester

Disprz

Responsibilities

Application Security Testing

  • Perform manual and automated security testing of
    • Web applications
    • Mobile applications (Android/iOS)
    • Microservices / Microfrontends
  • Conduct
    • OWASP Top 10 testing
    • API security testing
    • Business logic testing
    • Authentication & authorization validation
    • Session management testing
    • File upload security testing
    • Input validation testing
Penetration Testing

  • Execute black-box, grey-box and white-box penetration tests.
  • Identify exploitable vulnerabilities.
  • Assess exploitability and business impact.
  • Validate remediation effectiveness.

Cloud Security

Validate Security Of Cloud-hosted Environments Including

  • Identity & Access Management
  • Secrets Management
  • Storage Security
  • Network Security Groups
  • Kubernetes security
  • Container security
  • Serverless functions
  • Cloud misconfiguration assessments

Secure SDLC

Partner With Engineering Teams To

  • Review security requirements
  • Review threat models
  • Verify secure coding practices
  • Validate security fixes
  • Recommend design improvements

DevSecOps

Integrate security testing into CI/CD pipelines by managing and optimizing:

  • SAST
  • DAST
  • SCA (Software Composition Analysis)
  • Container image scanning
  • Secret scanning
  • IaC scanning

Vulnerability Management

  • Verify vulnerabilities reported by scanners.
  • Eliminate false positives.
  • Prioritize findings using CVSS.
  • Track remediation.
  • Conduct regression testing.

AI & LLM Security Testing (Preferred)

Assess AI-enabled features for:

  • Prompt Injection
  • Jailbreak attempts
  • Data leakage
  • Insecure output handling
  • Model abuse
  • RAG vulnerabilities
  • Sensitive information exposure

Compliance Support

Support Security Initiatives Related To

  • ISO 27001
  • SOC 2
  • GDPR

Provide evidence during internal and external audits.

Automation

Develop Security Automation Scripts For

  • Vulnerability validation
  • API fuzzing
  • Security regression
  • Test data generation
  • Security reporting

Required Skills

Security

Strong understanding of

  • OWASP Top 10
  • API Security Top 10
  • Authentication mechanisms
  • OAuth2
  • OpenID Connect
  • JWT
  • Cryptography fundamentals
  • Secure Session Management
  • XSS
  • CSRF
  • SQL Injection
  • SSRF
  • XXE
  • Deserialization attacks
  • RCE
  • Privilege Escalation

Tools

Hands-on experience with tools such as

  • Burp Suite Professional
  • OWASP ZAP
  • Postman
  • Nmap
  • Metasploit
  • Nessus
  • Nikto
  • SQLMap
  • MobSF
  • SonarQube
  • Snyk
  • Checkmarx
  • Veracode

Programming

Working knowledge of at least one language

  • Python
  • Java
  • C#
  • JavaScript

Ability to read application code to understand vulnerabilities.

Nice to Have

Experience with

  • Kubernetes
  • Docker
  • Terraform
  • GitHub Advanced Security
  • CodeQL
  • AI-assisted security testing
  • LLM security
  • Red Team exercises
  • Bug bounty participation
  • Capture The Flag (CTF)

Qualifications

  • Bachelor's degree in Computer Science, Information Security, or related field.
  • 4–8 years of experience in application security or security testing.
  • Security certifications are desirable:
    • OSCP
    • OSWE
    • CEH
    • GWAPT
    • CISSP (optional)

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.