Job Details
Key Responsibilities
Perform black-box, gray-box and white-box penetration tests on web, mobile, API and cloud-native applications.
Conduct manual and automated static application security testing (SAST) and source code reviews to identify logic flaws, insecure patterns, and exploitable vulnerabilities.
Use SCA/SAST tools to scan codebases, validate findings, and reduce false positives.
Produce clear, actionable reports including vulnerability description, risk rating, proof-of-concept, exploitability, and remediation guidance.
Work closely with DevOps and engineering teams to implement fixes, improve secure coding practices, and integrate security into CI/CD pipelines.
Run dynamic application security testing (DAST) and interactive application security testing (IAST) where appropriate.
Assist in threat modelling, secure design reviews, and security requirements for new features.
Help build and run developer-facing security training, code review playbooks, and checklists.
Keep up to date with the latest attack techniques, SCA tool capabilities, and secure coding patterns.
Nice-to-have
Certifications: OSCP, OSWE, GXPN, CEH, CISSP, CSSLP, or relevant SCA tool certifications.
Experience with mobile app reverse engineering and static analysis (APK/IPA).
Familiarity with cloud security (AWS/Google Cloud Platform/Azure) and infrastructure-as-code scanning.
Experience creating or contributing to internal security tools, linters, or secure-coding rules.