Immediate Hiring_Web application Security Testing_Coforge_Hyderabad

we are looking for Security Testers

if Interested please share details to mounika.tungala@coforge.com

Total Exp :

Rel Exp :

ctc :

Exp ctc:

Notice period :

Current Payroll company :

ready to relocate to Hyderabad :

Availability for Interview on 11th & 12th December :

Role Description:

Application Security Engineer skilled in Dynamic Application Security Testing (DAST) and Network Penetration Testing (NPT). The role involves embedding security practices throughout the Software Development Life Cycle (SDLC) and collaborating closely with development and DevSecOps teams to deliver secure, production-ready applications and should be willing to travel onsite for short engagements.

Key Responsibilities

• Perform DAST and network penetration tests across environments and CI/CD pipelines.
• Integrate security validation across all SDLC phasesfrom design to deployment.
• Conduct secure code reviews and collaborate with developers for remediation.
• Operate both open-source and commercial tools (Burp Suite, OWASP ZAP, AppScan, WebInspect, Fortify, Netsparker, etc.).
• Automate scans and integrate findings into CI/CD systems.
• Prepare detailed vulnerability reports, PoCs, and risk remediation plans.
• Participate in onsite engagements for client security assessments when required.
• Perform hands-on manual penetration tests for web, API, and network targets.
• Manually validate and exploit findings from automated scanners to reduce false positives.
• Execute authenticated and unauthenticated test cases, including business-logic abuse and chained vulnerabilities.

Required Skills

• 5+ years of hands-on experience in Application Security, Mobile Security and Network Penetration Testing.
• Deep understanding of web, API, and network security fundamentals.
• Strong knowledge of SDLC and secure coding practices.
• Familiar with OWASP Top 10, SANS CWE, and NIST 800-115.
• Experience collaborating in Agile / DevSecOps environments and teams

Good to Have

• Prior participation in bug bounty or responsible disclosure programs.
• Scripting ability in Python, Bash, or JavaScript.
• Certifications: OSCP, OSWE, CEH, GWAPT, or GPEN.
• Experience with mobile app testing, SAST/IAST, or cloud security.
• Knowledge of container and API security automation.