Full Description

Experience Required

2–3 years of hands-on experience in web application, mobile application, source code review, and network penetration testing Strong experience in manual security testing, including SAST and DAST

Key Responsibilities

Perform penetration testing across web applications, mobile applications, and network infrastructure throughout different Software Development Life Cycle (SDLC) phases Identify, exploit, and report security vulnerabilities including business logic flaws, OWASP Top 10 issues, and generic attack vectors Conduct manual penetration testing for web and mobile applications, along with manual and automated source code reviews and analysis Collaborate closely with development and product teams to identify, validate, and mitigate security issues

Manage security testing tasks and vulnerability reporting using tools such as Jira (knowledge of Jira is a plus)Technical Skills & Tools

• Proficiency in tools such as Burp Suite Professional, Postman, MobSF, Frida, and Nessus (experience with custom or self-developed tools is a plus)
• Knowledge of programming languages and frameworks such as PHP and JavaScript, including JavaScript frameworks (React, Node.js, etc.), is a plus
• Strong skills in manual and automated source code analysis, familiarity with SAST tools is a plus

Additional Experience (Good To Have)

Experience in bug bounty hunting, CVE discovery or contribution

Security research, responsible disclosures, or public write-upsCertifications (Good to Have, but Not Mandatory)

• CEH, BSCP, GWAPT, CREST, HTB-CWES, HTB-CPTS

(ref: hirist.tech)