Security Engineer (Burp Suite)

About the Role
We are looking for a skilled Web & API Security Engineer with strong offensive security expertise. In this hands-on role, you will test modern web applications and APIs to find vulnerabilities, simulate real-world attacks, and work with engineering teams to improve our platform's security.

What You'll Do

  • Perform manual security testing on web applications and APIs (REST, GraphQL, gRPC).
  • Identify vulnerabilities such as logic flaws, authentication bypasses, and chained exploits.
  • Simulate real-world attacks and design potential attack paths.
  • Test and analyze security controls like WAFs, rate limits, and authentication systems.
  • Document findings clearly to help engineers fix issues quickly.
  • Explore edge cases and scenarios often missed by automated tools.

What We're Looking For

  • Proven experience in penetration testing of web apps and APIs.
  • Strong knowledge of HTTP, cookies, sessions, JWTs, CORS, and authentication flows.
  • Expertise in AuthN/AuthZ vulnerabilities (OAuth, IDOR, BOLA, SSO bypass).
  • Familiarity with API attack methods (replay attacks, schema issues, parameter pollution).
  • Proficiency with tools like Burp Suite Pro, Postman, sqlmap, jwt_tool, and scripting (Python/Bash).
  • Ability to think like an attacker and uncover hidden risks.