Application Security - Walkin Interview - 4th October

2 - 5 years

4 - 9 Lacs

Posted: 3 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Application Security

Role Summary:

API security and Web Application Security Testing, Mobile application security testing

Key Responsibilities

1. Vulnerability Assessment (VA) & Attack Surface Monitoring

  • Perform regular vulnerability scans using Nessus, Tenable, and other VA tools.
  • Analyze scan results, prioritize vulnerabilities based on risk, and share reports with application owners and infrastructure teams.
  • Provide technical guidance on remediation steps and validate fixes after patching.
  • Utilize attack surface monitoring tools to detect potential external exposure points and proactively address security weaknesses.

2. Penetration Testing (PT)

  • Conduct manual penetration testing of web applications, APIs, and network infrastructure.
  • Perform authenticated and unauthenticated scans, identifying OWASP Top 10 and business logic vulnerabilities.
  • Utilize tools like Burp Suite, Nmap, Metasploit, and custom scripts to perform exploitation and post-exploitation testing.
  • Document findings with proof-of-concept (PoC) and suggest security best practices to Development/IT teams.
  • Perform API security testing using tools such as Burp Suite and Postman.

3. Security Reporting & Collaboration

  • Create and maintain detailed vulnerability and PT reports with risk ratings, remediation steps, and proof-of-concept (PoC) details.
  • Work closely with application owners and security teams to drive remediation efforts.
  • Assist in compliance-related security testing and audits as required (e.g., PCI DSS, ISO 27001, RBI IT Guidelines).
  • Stay updated on emerging threats, CVEs, and security trends, continuously improving VA/PT methodologies.

Qualifications & Experience

Must-Have:

  • 2-4 years of hands-on experience in VA/PT, vulnerability scanning, and attack surface monitoring.
  • Strong experience with Tenable Nessus, attack surface monitoring tools, and penetration testing frameworks.
  • Hands-on experience with manual penetration testing and tools like Burp Suite, Metasploit, Nmap, and custom scripts.
  • Solid understanding of OWASP Top 10, CVSS scoring, and common application/network vulnerabilities.

Preferred:

  • Certifications: CEH, OSCP, GPEN, or any relevant security certification.
  • Experience working in the BFSI sector (Banks/NBFC/Insurance).
  • Familiarity with application testing and API security testing.

Key Skills & Competencies

  • Strong analytical skills to interpret scan results and perform manual exploit validation.
  • Ability to write clear, technical security reports and communicate risks to technical/non-technical stakeholders.
  • Self-motivated, able to work independently, and comfortable in a fast-paced environment.
  • Good understanding of secure coding practices.
