About the job Application Security Tester
Scope:
The scope of application security engineer activities is as follows:
- Web Application Security
- API Security
- Cloud Application Security (application layer only)
Activities:
The scope of activities is as follows:
Security Assessments, Threat Modelling & Code Reviews
  - Perform application security assessments for web, API, and cloud-hosted services.
  - Conduct threat modelling for key features/releases (trust boundaries, data flows, misuse cases).
  - Conduct tool-assisted secure code reviews for selected modules.
Security Controls, Authentication & Encryption
  - Define/refine application security controls (validation, encoding, secure headers, rate limiting).
  - Define/refine authentication mechanisms (OAuth2/OIDC, session/token handling, MFA patterns where applicable).
  - Define/refine encryption and key management patterns (TLS, encryption at rest, key rotation).
Secure Coding Guidelines and Standards
  - Develop and maintain secure coding guidelines, checklists, and secure patterns.
  - Maintain standards aligned to the OWASP Top 10 and OWASP API Security Top 10 risks.
Remediation Support & Fix Verification
  - Collaborate with development teams to remediate vulnerabilities.
  - Retest and verify fixes and provide closure evidence.
Application Vulnerability-Related Incident Monitoring & Response Support
  - Support triage of application vulnerability-related incidents.
  - Conduct root-cause analysis and recommend preventive guardrails.
Documentation of Application Security guidelines and checklists
Description of Deliverables:
- Threat model artifacts and secure architecture review notes.
- Code review findings from a security perspective.
- SAST and DAST scan profiles and scope rules.
- Reviewed SAST and DAST findings reports, with remediation guidance.
- Defined/refined security standards: secure coding guidelines and checklists.
- Incident triage support notes and post-incident improvement actions.
- Weekly/monthly status reports, in the agreed format.
- Any other development/support tasks or deliverables assigned by management.