HCL Technologies

Senior Test Specialist

Role: Security
Level: Senior
Location: Chennai, India
Work: On-site
Type: Full-time
Posted: 1 day ago

About the role

Job Summary

The Security & Penetration Testing Specialist ensures application and API security by proactively identifying vulnerabilities, validating security controls, and embedding security testing into the SDLC without adversarial exploitation. The role also includes deep, adversarial security testing that simulates real‑world attacks to uncover exploitable weaknesses across applications, APIs, networks, and cloud environments.

Key Responsibilities

  • Review application architecture and data flows for security risks

  • Design security testing strategies aligned with OWASP Top 10 and ASVS

  • Perform automated and manual security testing for applications and APIs

  • Validate vulnerabilities, assess severity, and eliminate false positives

  • Review secure configurations, access controls, and input validation

  • Integrate SAST, DAST, and SCA tools into CI/CD pipelines

  • Track vulnerabilities through remediation and re‑testing

  • Produce clear, actionable security assessment reports

  • Define penetration testing scope, rules of engagement, and methodologies

  • Conduct threat modelling and identify high‑risk attack vectors

  • Perform manual penetration testing including business logic exploitation

  • Execute authentication, authorization, and session‑management attacks

  • Perform API, network, and cloud penetration testing

  • Validate real‑world impact using controlled proof‑of‑concept exploits

  • Document attack paths, risks, and remediation recommendations

  • Support remediation validation and re‑testing

Skill Requirements

Mandatory:

  • Strong application and API security testing experience

  • Tools: Burp Suite, OWASP ZAP, Nessus, Metasploit, Nmap, SQLmap, Wireshark

  • Knowledge of secure coding principles and common vulnerabilities

  • Strong manual penetration testing expertise (Web, API, Network)

  • Deep understanding of OWASP Top 10 and real‑world attack techniques

  • Exposure to GenAI concepts and use cases in software testing and quality engineering

  • Experience using GenAI tools (e.g., Copilot, ChatGPT or similar) to accelerate test design, script generation, and debugging

  • Ability to leverage GenAI for test case generation, data creation, and code optimization

Good to Have:

  • Cloud security fundamentals (AWS/Azure)

  • Compliance knowledge (ISO 27001, SOC2)

  • Scripting for security validation (Python/Bash)

  • Cloud penetration testing (AWS/Azure)

  • Scripting for exploitation or automation (Python/Bash)

  • Strong OS fundamentals (Linux, Windows)

Other Requirements

  • Strong communication skills for working with development teams

  • Ability to guide secure remediation practices

  • Red‑team mindset and continuous learning attitude

  • Ability to present findings to leadership and engineering teams

Total Experience: 8–12 years

Benefits and perks

Learning Budget

Required skills

Application Security

API Security

Penetration Testing

OWASP Top 10

SAST

DAST

SCA

Threat Modeling

About HCL Technologies

Headquarters: Chennai