Overview
Skills
Job Details
The Application Security Tester (AppSec Tester) is responsible for identifying, analyzing, and helping remediate security vulnerabilities across web, mobile, cloud, and API-based applications. This role ensures that applications meet security best practices, regulatory requirements, and organizational risk standards.
- Conduct network vulnerability assessments using tools such as Nessus to identify risks in infrastructure components.
- Perform Static Application Security Testing (SAST) with Fortify SCA to detect code-level vulnerabilities before deployment.
- Execute Dynamic Application Security Testing (DAST) using AppScan to uncover runtime security issues in web and mobile applications.
- Carry out manual penetration testing to simulate real-world attack scenarios and discover complex vulnerabilities.
1. Security Testing & Vulnerability Identification
Conduct application security assessments including static analysis (SAST), dynamic analysis (DAST), IAST, and manual penetration testing.
Perform security testing on web, mobile, API, and cloud-based applications.
Identify vulnerabilities such as OWASP Top 10, insecure coding practices, misconfigurations, and authentication/authorization issues.
Perform threat modeling and risk analysis for new and existing applications.
2. Reporting & Remediation Support
Document vulnerabilities with clear reproduction steps, severity ratings, and mitigation recommendations.
Collaborate with development teams to interpret findings and guide secure coding fixes.
Track remediation efforts and validate fixes (retesting).
Provide clear, concise, and business-friendly reports for technical and non-technical stakeholders.
3. Tools & Automation
Use industry-standard AppSec tools:
Burp Suite, OWASP ZAP, Checkmarx, Veracode, Fortify, SonarQube, Nexus IQ, Acunetix, etc.Integrate security scanning tools into CI/CD pipelines (DevSecOps).
Develop scripts or automations for repeated testing scenarios when required.
4. Secure Development Support
Review source code for security issues (manual and automated SAST).
Participate in SDLC, providing security input during design, development, and deployment.
Advocate for secure engineering practices and help teams follow best-practice frameworks.
5. Compliance & Best Practices
Ensure testing meets compliance requirements such as ISO 27001, SOC 2, PCI-DSS, HIPAA, NIST, etc.
Stay up to date with latest security threats, exploits, trends, and tools.
Required Skills
Fortify Real-Time Analyzer (RTA): Intermediate, Static App Security Testing (SAST): Intermediate, Dynamic App Security Testing (DAST): Intermediate, Penetration Testing - Manual: Intermediate, Nessus: Advanced
Role Description: The Security Tester is responsible for identifying, analyzing, and reporting security vulnerabilities across network and application environments. This role performs comprehensive security assessments using automated tools and manual techniques to protect systems from threats and ensure compliance with security standards.
Preferred Skills
Certifications including OSCP, CEH, GWAPT, GPEN, CISSP, CSSLP, or similar.
Experience in DevSecOps environments.
Knowledge of container security (Docker, Kubernetes).
Ability to write scripts using Python, Bash, PowerShell, or similar.
Experience using vulnerability management platforms (Qualys, Tenable).
Qualifications
Bachelor s degree in Computer Science, Cybersecurity, or related field.
2 8 years of experience in Application Security or Penetration Testing.
Strong communication and documentation skills.