18 Burpsuite Jobs

As a Security Testing professional with 3-10 years of experience in SAST, DAST, API, Network, Mobile Security, DevSecOps, Cloud Security, Threat Modelling, Vulnerability Management, Logging & Audit, GRC, Security Operations, and IAM, you will be an integral part of the Infosys delivery team. Your main responsibility will be to ensure effective Design, Development, Validation, and Support activities, aiming to meet and exceed client expectations in the technology domain. Your role will involve gathering requirements and specifications to deeply understand client needs, subsequently translating them into system requirements. You will also play a crucial part in estimating work requirements accurately to provide project estimations to Technology Leads and Project Managers. Your contribution will be significant in the development of efficient programs and systems. If you believe you possess the necessary skills and expertise to assist our clients in navigating their digital transformation journey, then this opportunity is tailored for you! This job opening is available at multiple locations including Bangalore, Hyderabad, Trivandrum, Chennai, and Pune.,

As a Security Testing professional with 3-10 years of experience in SAST/DAST/API, Network, Mobile Security, DevSecOps, Cloud Security, Threat Modelling, Vulnerability Management, Logging & Audit, GRC, Security Operations, and IAM, your role as a part of the Infosys delivery team will encompass various responsibilities. Your main responsibility will be to ensure effective Design, Development, Validation, and Support activities to meet and exceed client expectations in the technology domain. This will involve gathering requirements and specifications to deeply understand client needs and translating them into system requirements. Additionally, you will be pivotal in estimating work requirements accurately to provide vital input on project estimations to Technology Leads and Project Managers. Your contribution will be essential in the creation of efficient programs and systems that align with client requirements and industry best practices. If you are passionate about aiding clients in their digital transformation journey and possess the required expertise, then this opportunity is tailored for you! This job opening is available in multiple locations including Bangalore, Hyderabad, Trivandrum, Chennai, and Pune.,

Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute to achieving the teams goal. Responsibilities Direct Responsibilities Strong expertise in application security concepts and activities like Source Code Review (SAST) & Dynamic application vulnerability scanning (DAST). Good understanding of Information Security concepts and strategies. Knowledge of Secure Development methodologies and frameworks. Hands-on experience in penetration testing and tools like Apisan, WebInspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans. Experience in Process Improvement, Controls Enhancement and Reporting. Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate. Providing independent expert advice to the IT areas on application & data risk issues. Engaging with organization wide risk and control groups, including internal audit and territory control teams. Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulate appropriate remediation strategies based on a full understanding of business exposure and compensating controls. Contributing Responsibilities Monitoring and oversight of existing IT risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate. Managing relationships with Business and IT teams, chairing periodic meetings and being a point of contact for escalating to wider team members. Assistance with drafting of risk acceptance statements and coordinating sign-off from business and IT stakeholders. SPOC for security architecture meetings. Technical & Behavioral Competencies Excellent Interpersonal and presentation skills Strong in verbal and written communication Ability to liaise with cross-functional stakeholders globally Clear understanding of application and data security Must be flexible, independent, self-motivated Good analytical skills. Specific Qualifications (if required) CEH, SSCP, OSCP certified. Technical Graduate (Computer Science) Preferable.

The IS Analyst- VAPT position is an integral member of the GCS IS team and shall contribute recommendations regarding physical and technical information security best practices. You will consult with local offices and their administrators to assist in the implementation of administrative and technical procedures for their networks and applications. Reporting to the Information Security Manager in India, you will be a key member of the GCS IS Ethical Hacking & Data Protection Team. As an IS Analyst- VAPT, your responsibilities will include performing and facilitating network and application penetration tests for internal teams, advising on security best practices, developing remediation recommendations tailored to specific environments, and delivering high-quality reports for IT administrators and developers. You will monitor vulnerability trends and recommend security enhancements consistent with the information security strategy. To excel in this role, you are expected to possess experience with BurpSuite and other web attack proxies, proficiency in the Vulnerability Management lifecycle, technical skills in web application penetration testing, an understanding of web application vulnerabilities, experience with penetration testing tools, proficiency in Linux, and knowledge of cloud services such as Azure and AWS. Additionally, you should have strong English verbal and written communication skills to effectively communicate information security matters to various stakeholders. Your ability to work collaboratively in a team, across multiple time zones, is essential for success in this position. The ideal candidate will hold a Bachelor's degree or equivalent experience, along with at least 5 years of application penetration testing and/or red teaming experience. Relevant certifications like GPEN, GWAPT, OSCP, CPTE, ITVA, or CISSP are preferred, as well as experience with CTF platforms and ISO 27001/2 or other information security industry regulatory controls. In summary, as the IS Analyst- VAPT, you will play a critical role in ensuring the security of networks and applications, providing valuable insights and recommendations to enhance information security practices within the organization.,

Your demonstrated ability will be required to develop test automation using Selenium Webdriver with Java, TestNG, Appium, REST Assured, and Maven. The ideal candidate should have a minimum of 1.5 to 7 years of experience in this field. Key Skills and Qualifications: - Minimum 1.5 to 7 years of experience in developing test automation using Selenium Webdriver with Java, TestNG, Appium, REST Assured, and Maven. - Ability to understand and analyze requirements. - Knowledge of testing API using Postman and/or REST Assured. - Proficiency in generating test data and reports. - Understanding of Functional Testing, UI/UX Testing, Regression Testing, Performance/Load Testing, and Security Analysis. Added advantage: - Working knowledge of Jmeter for Load Testing, OWASP ZAP, and Burpsuite for Security Testing. Location: Surat, India If you are interested in applying for this position, kindly send your CV to people@staah.com.,

Roles & responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Experience in one or more of the following is a plus: mobile application testing, Web application pen testing, application architecture, and business logic analysis. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, and Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in the development of web applications and/or APIs. should be able to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA

You will be joining CDI for the role of Cyber Security Trainer and Consultant, where you will be responsible for conducting both onsite and offsite training programs for clients. Your main tasks will include conducting Vulnerability Assessments, Network Penetration Testing, Internal & External as well as Web Application scanning, and Penetration Testing using both manual methods and automated tools. To succeed in this role, you must have a solid understanding and practical experience with tools such as Metasploit, OWASP top ten attacks, Burpsuite, Kali Linux, Acunetix, Nessus, Nmap, and other relevant tools. Additionally, a good grasp of Threat Intelligence and domain tools is essential. Effective communication skills in English are crucial for this position, as you will be interacting with clients regularly. The job offers a full-time position in the morning shift at CDI, located near VR mall in Mohali, Punjab. Ideally, you should have at least 1 year of work experience in the field of Cyber Security. If you meet these requirements and are willing to relocate if necessary, we encourage you to apply for this exciting opportunity.,

As a Security Analyst at Dedalus, a prominent healthcare technology company, you will have the opportunity to contribute to the team in Chennai, India, and play a crucial role in enhancing healthcare services for a healthier planet. Your primary responsibility will involve Security Vulnerability Analysis and Penetration Testing, where you will assess, exploit, and report security vulnerabilities in software applications and infrastructure, providing recommendations for appropriate solutions. Working alongside a highly skilled team, your work will have a significant impact on the healthcare sector. Your duties will include: - Conducting Security Vulnerability Analysis, Threat Modelling, and Risk Assessment - Performing static code reviews using automated SAST tools and analyzing false positives - Executing dynamic testing (DAST) with tools like Burp-suite, Invicti, or Nessus - Conducting manual Penetration Testing and utilizing Ethical Hacking techniques to identify vulnerabilities - Compiling assessment and validation reports on identified vulnerabilities, risks, impact, recommended solutions, and Proof of Concepts (POCs) - Explaining threats and presenting assessment reports to the Developer and Architect community To excel in this role, you must meet the following essential requirements: - Minimum of four years of experience in security vulnerability analysis and Penetration Testing (VAPT) on cloud services, web products, or enterprise applications - Proficiency in using Appsec tools, including industry-standard tools like Burp-suite, Invicti, Fortify, and open-source tools such as Kali, Nmap, Wireshark, Metasploit, ZAP, and Echo Mirage - Technical knowledge of Software Development Life Cycle (SDLC) and implementation essentials for various application types (Desktop, Web, API, Mobile, and Cloud) - Ability to review Java or .NET code with a focus on security vulnerabilities and familiarity with OWASP, GDPR, and ISO Security standards - Certification in VAPT or Ethical Hacking in Mobile, Web, or Cloud security is mandatory - Exposure to DevAppSec automation and scripting is preferred - Knowledge of AI tools and securing Docker containers like Kubernetes is advantageous - Understanding of real-world threats and data protection regulations is desirable Join Dedalus and be part of a diverse and inclusive workplace where innovation and collaboration drive better healthcare outcomes for millions of patients worldwide. Dedalus is dedicated to fostering a work environment that encourages learning, innovation, and meaningful contributions to healthcare. If you are passionate about making a difference in the healthcare sector, join us on this journey to transform and improve healthcare options globally. Application Closing Date: 18th August 2025 Dedalus is committed to promoting diversity and inclusion in the workplace, ensuring respect, inclusion, and success for all employees and communities. Our dedication to diversity and inclusion is reflected in our work culture, emphasizing the importance of an inclusive and diverse workforce to drive innovation and create better healthcare solutions globally.,

o Experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux Perform automated testing of running applications and static code (SAST, DAST).

Job Description: As a part of SKYNET SECURE, you will play a crucial role in promoting cyber crime and internet security awareness across all sections of society. Your primary responsibility will involve providing training in Ethical Hacking, IT Security, and Cyber Forensics. Additionally, you will be involved in working on IT Security projects including Vulnerability Assessment and Penetration Testing (VAPT) projects. Your role will require the following skills: - Proficiency in tools such as Metasploit, OWASP top ten attacks, Burpsuite, Kali Linux, Acunetix, Nessus, and Nmap. - Ability to conduct Vulnerability Assessment and Network Penetration Testing. - Hands-on experience in Internal & External, Web App scanning, and Penetration testing (both Manual and Automated). - Strong understanding of Threat Intelligence and familiarity with domain tools. - Effective communication skills in English. - Experience in Application testing, especially with OWASP top 10. This position is based in Mumbai and requires candidates to hold a minimum qualification of Any Graduate. Possessing a CEH or any Equivalent Certification will be considered a bonus. Join us at SKYNET SECURE and contribute to creating a safer cyber environment while enhancing your skills in the field of IT security.,

You will be responsible for providing onsite and offsite training programs to clients in the role of Cyber Security Trainer and consultant. Your duties will include pre-requisites in Metasploit, OWASP top ten attacks, Burpsuite, Kali Linux, Acunetix, Nessus, Nmap tools, among others. You will be involved in Vulnerability Assessment, Network Penetration Testing, Internal & External as well as Web App scanning, and Penetration testing using both manual techniques and Automated tools. A good understanding of Threat Intelligence and familiarity with domain tools is essential. Effective communication skills in English will be required for this role. This is a Full-time position suitable for both Freshers and experienced candidates. The work schedule is in the Morning shift. The location is near VR mall, Mohali - 160055, Punjab. Candidates must be able to reliably commute or plan to relocate before starting work. Preferred candidates will have a total work experience of 1 year.,

KPMG entities in India are professional services firm(s) affiliated with KPMG International Limited, established in August 1993. Our professionals leverage the global network of firms, understanding local laws, regulations, markets, and competition. With offices across India, in cities like Ahmedabad, Bengaluru, Mumbai, and more, we offer services to national and international clients across various sectors. Our focus is on delivering rapid, performance-based, industry-focused, and technology-enabled services, showcasing our understanding of global and local industries and the Indian business environment. As a Security Code Reviewer at KPMG in India, your primary responsibilities will include performing manual security code reviews for common programming languages such as Java and .NET. You will also be tasked with conducting automated testing of running applications and static code using tools like SAST and DAST. Additionally, you will be required to perform manual application penetration tests on various platforms like web applications, internal applications, APIs, and networks to identify and exploit vulnerabilities. The ideal candidate should have at least 6 months of formal programming experience in Java or C#, and possess 4 to 8 years of overall experience in the field. It would be advantageous to have one or more major ethical hacking certifications such as GWAPT, CREST, OSCP, OSWE, or OSWA. Providing technical leadership and guidance to team members, communicating effectively with both technical and non-technical audiences, and collaborating with Cyber teams to develop new testing techniques are also key aspects of this role. Moreover, having a minimum of three years of recent experience working with security testing tools like AppScan, NetsSparker, Acunetix, Checkmarx, BurpSuite, and others will be beneficial. This position offers equal employment opportunities and encourages individuals with a passion for cybersecurity to apply and contribute to our dynamic team at KPMG in India.,

Position Purpose The purpose of the position is to help with the information security topics mentioned in the direct responsibilities. Responsibilities Direct Responsibilities - Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans. Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate. Knowledge of Secure Development methodologies and frameworks. Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Experience in Process Improvement, Controls Enhancement and Reporting. - Engaging with organization wide risk and control groups, including internal audit and territory control teams. - Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls. Contributing Responsibilities Excellent understanding of development security and its implementation in systems: identification, authentication, access control and provisioning, alignment of jurisdiction to business process Knowledge of single-sign-on security strategies (e.g. SAML, OAUTH2, SiteMinder etc.) Excellent understanding of authentication related mechanisms (Kerberos, One Time Passwords, PKI) Good understanding of cryptography and its practical uses within secure application development Familiarity with common security vulnerabilities (e.g. OWASP Top 10) Strong technical skills required to understand vulnerabilities in detail and how to resolve/mitigate them. Excellent knowledge of programming best practices, design patterns, etc. Excellent problem solving skills, being able to develop approaches to complex technology and strategy problems, building consensus across diverse interest groups and working within constraints of practical delivery yet able to think beyond the requirements of immediate issues. Well-developed written communication skills with the ability to summarise key issues, conclusions and recommendations in report form. Target audiences will include regulatory authorities and internal/external auditors. Technical & Behavioral Competencies Excellent knowledge of programming best practices, design patterns, etc. Excellent problem solving skills, being able to develop approaches to complex technology and strategy problems, building consensus across diverse interest groups and working within constraints of practical delivery yet able to think beyond the requirements of immediate issues. Well-developed written communication skills with the ability to summarize key issues, conclusions and recommendations in report form. Target audiences will include regulatory authorities and internal/external auditors. Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity, Sonatype, Blackduck Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Experience in Process Improvement, Controls Enhancement and Reporting. Excellent Inter personal and presentation skills Strong in verbal and written communication Ability to liaise with cross-functional stakeholders globally Clear understanding of application and data security Must be flexible, independent, self-motivated Good analytical skills Specific Qualifications (if required) - CEH, SSCP, OSCP certified. - Technical Graduate (Computer Science) Preferable. Skills Referential Behavioural Skills : (Please select up to 4 skills) Ability to collaborate / Teamwork Communication skills - oral & written Ability to share / pass on knowledge Active listening Transversal Skills: (Please select up to 5 skills) Ability to understand, explain and support change Analytical Ability Ability to develop and adapt a process Ability to develop and leverage networks Ability to manage / facilitate a meeting, seminar, committee, training Education Level: Bachelor Degree or equivalent Experience Level At least 7 years

Job Description -: Experience of 4+ years • Hands-on experience of conducting security assessments of Web Applications, Mobile Applications, Web Services/APIs, Thick-clients. • Experience in tools such as burpsuite, nessus, nmap, acunetix, metasploit, checkmarx, etc. • Experience with Open Web Application Security Project (OWASP),SANS, Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. • Ability to explain technical vulnerabilities to both technical and non technical audience highlighting business risk. • Knowledge of at least one cloud technology (AWS, Azure,GCP) is desirable, preferrably AWS and Azure. • Good understanding of coding best practices and standards. • Good knowledge of at least one of the following programming/scripting languages viz. python, ruby, C#, powershell, C/C++, Java • Good communication skills. • Critical thinking and good problem-solving abilities. • Organized in planning and time management skills are preferred. • Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable. Roles & Responsibilities -: Conduct vulnerability assessment and penetration testing for application, and other infrastructure Conduct application security assessment of web applications, mobile applications, thick-client application and API. Conduct configuration reviews for Operating System, Database, Middleware, Firewall, Routers, Switches and other infrastructure. Conduct red-team assessments Conduct cloud security assessments Conduct source-code review using automated and manual approaches Ensure timely execution of projects, delivery of status updates and final reports. Stay abreast of the latest updates in technology, security trends, vulnerabilities, exploit techniques and security news. Proficient in Ms-Excel and Powerpoint.

Essential Services: Role & Location fungibility To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service. The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature. About the role At ICICI Bank, Information Security Group believes in providing services to its customers in the safest and most secure manner keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. Our support application team performs application vulnerability assessments and document vulnerabilities which were found and provides recommendations for remediation according to BFSI guidelines and industry best practices. As an Application Security Manager, you will provide guidance to the application team on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. You will work along with cross functional business teams to get closure of identified gaps and utilize escalation matrix effectively wherever necessary. You will conduct application security assessment results review and mitigation approval. You will keep abreast of new technologies to ensure that the organization remains at the forefront of security. Key Responsibilities Support and Testing: Vulnerability Assessments & Penetration Testing (Automated + Manual) on business critical assets with security tools like BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc. Analysis: Perform in-depth analysis of VAPT results, Review assessment reports to provide risk mitigation & recommendations on that basis. Collaborate: Collaborate with the application team and provide them guidance on application security best practices, support remediation effort and track open issues and follow up to ensure remediation Key Qualifications & Skills Education Qualifications: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent Certifications: OSCP Compliance: Knowledge of cyber security trends & hacking techniques, MITRE ATT&CK framework with hacker mindset. Network Security: Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Key Technologies: Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance, Knowledge of Networking concepts & Good understanding of latest Network /security technologies such as Cloud security and recent trends.

Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Position 1: Consultant - MAST Vanguard Requirements: Mandatory technical & functional skills •Strong knowledge on manual secure code review against common programming languages (Java, C#) •Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. •Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs •Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. •Preferred one year of experience in development of web applications and/or APIs. •should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. •One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following a plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

*ONLY IMMEDIATE JOINERS PREFERRED* Job Title: Consultant - MAST Vanguard Experience: 4-7 Years Location: Bangalore (WFO 5 days) Work timings 12PM to 9PM Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Mandatory technical & functional skills Strong knowledge on manual secure code review against common programming languages ( Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA