Engineer II - Application Security Test

You are a Test Engineer Grade II/III (Code, Application, IoT Tech) at a start-up engaged in developing next-generation missions and technologies for the Indian defence forces. Your role involves performing dynamic and static application security testing (DAST/SAST), secure code reviews, and managing software development posture. You will be responsible for identifying and reporting vulnerabilities in code, applications, and IoT devices, collaborating with developers to integrate security into the SDLC, auditing security documentation, and conducting risk assessments. **Key Responsibilities:** - Perform dynamic and static analysis of applications to identify security vulnerabilities. - Conduct systematic reviews of source code to ensure adherence to secure coding principles and identify potential weaknesses. - Continuously manage and monitor the security state of all software assets and their underlying infrastructure. - Execute security tests on code, applications, IoT devices, and communication protocols to uncover vulnerabilities. - Discover and report security flaws in software and applications to development teams for remediation. - Embed security testing into every stage of the software development process by working closely with development teams. - Examine and verify security documentation for compliance with industry standards and best practices. - Create and run specialized programs to simulate attacks and discover exploitable vulnerabilities. - Evaluate potential security threats and offer practical solutions to reduce or eliminate risks. - Continuously research and learn about emerging threats, new security tools, and industry standards to maintain expertise. **Required Skills:** - 2-3 years of experience in security application testing or related fields. - Strong understanding of web application security, IoT security, and communication protocols. - Experience with security testing tools like Burp Suite, OWASP ZAP, and others. - Proficiency in programming languages such as Python, Java, or C/C++. - Understanding of secure coding practices and software development lifecycles. **Desired Skills:** - Experience in penetration testing, vulnerability assessments, and threat modeling. - Knowledge of common security frameworks and standards like OWASP and NIST. - Familiarity with automated testing and DevSecOps practices. - Certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional) are a plus. You are a Test Engineer Grade II/III (Code, Application, IoT Tech) at a start-up engaged in developing next-generation missions and technologies for the Indian defence forces. Your role involves performing dynamic and static application security testing (DAST/SAST), secure code reviews, and managing software development posture. You will be responsible for identifying and reporting vulnerabilities in code, applications, and IoT devices, collaborating with developers to integrate security into the SDLC, auditing security documentation, and conducting risk assessments. **Key Responsibilities:** - Perform dynamic and static analysis of applications to identify security vulnerabilities. - Conduct systematic reviews of source code to ensure adherence to secure coding principles and identify potential weaknesses. - Continuously manage and monitor the security state of all software assets and their underlying infrastructure. - Execute security tests on code, applications, IoT devices, and communication protocols to uncover vulnerabilities. - Discover and report security flaws in software and applications to development teams for remediation. - Embed security testing into every stage of the software development process by working closely with development teams. - Examine and verify security documentation for compliance with industry standards and best practices. - Create and run specialized programs to simulate attacks and discover exploitable vulnerabilities. - Evaluate potential security threats and offer practical solutions to reduce or eliminate risks. - Continuously research and learn about emerging threats, new security tools, and industry standards to maintain expertise. **Required Skills:** - 2-3 years of experience in security application testing or related fields. - Strong understanding of web application security, IoT security, and communication protocols. - Experience with security testing tools like Burp Suite, OWASP ZAP, and others. - Proficiency in programming languages such as Python, Java, or C/C++. - Understanding of secure coding practices and software development lifecycles. **Desired Skills:** - Experience in penetration testing, vulnerability assessments, and threat modeling. - Knowledge of common security frameworks and standards like OWASP and NIST. - Familiarity with automated testing and DevSecOps practices. - Certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional) are a plus.