Position Summary:
The Web Application Security Analyst/Engineer is responsible for ensuring the security of enterprise web applications and related cloud environments. This role focuses on identifying, analyzing, and mitigating security vulnerabilities across applications, APIs, and infrastructure through both manual and automated testing, while supporting secure development practices across the SDLC. The role also leverages AI/ML technologies across threat detection, vulnerability assessment, secure coding, WAF management, and cloud security operations to automate analysis, accelerate remediation, and enhance overall security posture.
The ideal candidate will have strong hands-on experience with Burp Suite, Web Application Firewalls (preferably Cloudflare), and application security testing methodologies (DAST, SAST, and SCA). Experience in penetration testing, AWS security, and a deep understanding of the OWASP Top 10 are highly desirable.
Key Responsibilities:
- Perform comprehensive web application vulnerability assessments using Burp Suite, DAST, SAST, and SCA tools.
- Manage and tune Web Application Firewalls (WAF) — preferably Cloudflare — to detect, prevent, and mitigate web-based attacks.
- Collaborate with development and DevOps teams to integrate security testing into CI/CD pipelines and ensure secure coding practices.
- Review code and configurations for vulnerabilities and recommend effective remediation strategies.
- Conduct threat modeling and security reviews for new and existing web applications.
- Provide expert guidance on addressing findings aligned with OWASP Top 10 risks and other relevant frameworks.
- Perform periodic penetration testing of web applications and APIs to identify real-world attack vectors.
- Support vulnerability management and tracking through resolution, partnering closely with engineering and IT teams.
- Assist in the design and maintenance of secure architectures for AWS-hosted applications and services.
- Develop and deliver security awareness training specific to web application security for developers and engineers.
Qualifications & Experience:
Required:
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience.
- 3-5 years of experience in web application security or a related cybersecurity role.
- Strong hands-on experience with:
  - Burp Suite (Professional or Enterprise)
  - Web Application Firewalls (preferably Cloudflare)
  - DAST, SAST, and SCA tools (e.g., OWASP ZAP, Veracode, Checkmarx, SonarQube, Snyk, etc.)
  - Terraform for secure cloud infrastructure deployment
- Solid understanding of OWASP Top 10, secure SDLC, and common web vulnerabilities (XSS, SQLi, CSRF, etc.).
- Familiarity with AWS cloud security concepts, IAM policies, and application deployment in cloud environments.
Preferred / Added Advantage:
- Experience performing manual penetration testing and vulnerability exploitation.
- Experience with automation or scripting languages (Python, Bash, or PowerShell) for security testing or integration.
- Good to have relevant certifications such as GWAPT, OSWE, OSCP, or CEH.
Soft Skills:
- Strong analytical and problem-solving abilities.
- Excellent communication and collaboration skills, with the ability to explain complex security concepts to technical and non-technical audiences.
- Detail-oriented, proactive, and capable of working independently in a fast-paced environment.