Senior Web Application Penetration Testing Engineer

8 - 12 years

10 - 15 Lacs

Posted: 8 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Title: Senior Web Application Penetration Testing Engineer
Company Name: Sony India Software Centre

Job Description: As a Senior Web Application Penetration Testing Engineer at Sony India Software Centre, you will be responsible for identifying and mitigating security vulnerabilities within web applications and services. You will conduct comprehensive penetration tests, vulnerability assessments, and security audits to ensure the integrity and security of our software products. Additionally, you will work closely with development teams to provide guidance on best security practices and support in the implementation of secure coding standards. Your expertise will help drive a culture of security awareness and foster secure development practices across the organization.


Key Responsibilities:

- Experience in the range of 8+ years. Work timings are 9 AM-6 PM.

- Conduct thorough penetration testing of web applications to identify security weaknesses.

- Operate a hands-on role involving penetration testing and vulnerability assessment activities of all types of applications, networks, Web services/APIs and mobile applications/devices.

- Perform vulnerability assessments and security audits of web applications and services.

- Analyze test results and create detailed reports on findings, vulnerabilities, and recommendations for remediation.

- Collaborate with software development teams to integrate security practices into the software development lifecycle (SDLC).

- Stay updated with the latest security threats, vulnerabilities, and industry trends to continuously improve testing methodologies.

- Provide training and support for development teams on secure coding practices and security measures.

- Assist in the development of security policies, standards, and guidelines for web applications.

- Work closely with the application development teams, technology teams and the other members of the Information Security team to identify and remediate security issues as part of Incident Response.

- Develop and maintain a formal reporting process highlighting results, conclusions, and recommendations which can be viewed by peers and senior management.

- The ability to articulate risks and findings to management.

- Excellent communication skills both written and verbal.

- Critical thinking and good problem-solving abilities.

- Organized planning and time management skills are preferred.

Skills and Tools Required:

- Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network.

- Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.

- Strong knowledge of web application security vulnerabilities (e.g., OWASP Top Ten).

- Proficiency in penetration testing tools such as Burp Suite, OWASP ZAP, Metasploit, and others.

- Experience with web application frameworks and technologies (e.g., HTML, JavaScript, CSS, API security).

- Use manual techniques to exploit identified vulnerabilities like cross-site scripting, SQL injections, session hijacking and buffer overflows to obtain controlled access to target systems.

- Perform exploit analysis for identified vulnerabilities manually, with custom scripts, or using tools such as Metasploit.

- Security architecture and design, SAST, SCA, pentesting.

- Experience in preparing a security threat model and associated test plans.

- Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results.

- In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred.

- Understanding of networking concepts and protocols (e.g., TCP/IP, HTTP/S).

- Ability to analyze and evaluate security design and implementation in web applications.

- Excellent communication skills to articulate security risks and recommendations to technical and non-technical stakeholders.

- Relevant certifications (e.g., CEH, OSCP, OSCP+) are preferred.

- Knowledge of current information security threats. Good understanding of coding best practices and standards.


This position offers an exciting opportunity to be at the forefront of web application security in a dynamic and innovative environment at Sony India Software Centre. If you are passionate about security and looking to make a significant impact, we encourage you to apply.

Roles and Responsibilities

About the Role:
In this position, you will focus on conducting thorough penetration testing for web applications to identify vulnerabilities and assess security risks. You will work on enhancing the security posture of Sony's web applications, ensuring they meet industry standards and best practices. Collaborating with cross-functional teams, you will contribute to the overall security strategy of the organization.

About the Team:
You will be a part of a dedicated security team that emphasizes collaboration and continuous learning. The team consists of experienced professionals with varied backgrounds in cybersecurity, software development, and risk management. Together, you will foster an environment that encourages innovation and the sharing of knowledge to stay ahead of emerging threats.

You are Responsible for:

- Conducting comprehensive penetration tests on web applications to identify security vulnerabilities.

- Developing detailed reports that outline findings, risk assessments, and recommendations for remediation.

- Collaborating with development and operations teams to ensure security best practices are integrated into the software development lifecycle.

- Keeping up to date with the latest security trends, tools, and methodologies to enhance testing capabilities.

To succeed in this role, you should have the following:

- Proven experience in web application penetration testing, including familiarity with common security vulnerabilities such as OWASP Top Ten.

- Strong knowledge of web technologies, protocols, and application architectures.

- Proficiency in using various penetration testing tools and frameworks.

- Excellent problem-solving skills and the ability to communicate complex security concepts to technical and non-technical stakeholders.
