5 years
0 Lacs
Gurgaon Rural, Haryana, India
Posted: 5 days ago
On-site
Full Time
Job Title: Security Test Engineer / Application Security Analyst

Key Responsibilities

Perform comprehensive vulnerability assessments and penetration testing, including tests for CSRF, XSS, SQL Injection, and other OWASP Top 10 vulnerabilities.
Conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) on applications and APIs.
Use security tools such as ZAP Proxy, Trivy, Burp Suite, Nikto, etc., to detect and validate vulnerabilities.
Develop and execute test plans and test cases aligned with security frameworks and standards (e.g., OWASP, NIST).
Collaborate with cross-functional teams to integrate security testing into CI/CD pipelines.
Participate in bug triage and root cause analysis for identified vulnerabilities.
Analyze application logs and system behavior to detect anomalies and trace potential threats.
Review and evaluate security policies, propose improvements, and assist in ensuring policy enforcement.
Maintain documentation related to security findings, test cases, and remediation guidance.

Required Qualifications

Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field.
5+ years of experience in security testing, vulnerability scanning, and application hardening.
Strong understanding of web application security principles and secure coding practices.
Hands-on experience with ZAP Proxy, Trivy, and/or similar tools.
Familiarity with SAST/DAST tools and techniques.
Knowledge of network and application-layer protocols and attacks.
Solid understanding of bug triage processes and tracking systems like JIRA or Bugzilla.
Strong analytical and problem-solving skills, with attention to detail.

Skills: nikto, zap testing, sql injection, proxy, vulnerability, bug triage, penetration testing, vulnerability assessments, testing, analytical skills, root cause analysis, trivy, problem-solving skills, security frameworks, test cases, dynamic application security testing (dast), zap proxy, security policies, ci/cd pipelines, burp suite, static application security testing (sast)
WELTEC Institute