8+ years of working experience and strong understanding of application vulnerability assessment and penetration testing
Working experience and good hands-on understanding of manual penetration testing and updated with latest tactics, techniques and procedures for complex applications/ APIs
Proficiency with vulnerability assessment & penetration testing tools (Burp Suite, OWASP ZAP, and other commercial and open-source tools)
Strong expertise in planning and create penetration testing methods, scripts and test cases
Good Understanding of IT security policy, procedure, design, and implementation
Ability to analyze and investigate security-related vulnerabilities and identify false positives
Strong understanding of architecture diagrams and evaluating complex applications/ APIs
Strong information security threat and risk-based prioritization and triaging abilities
Solid foundation of common software vulnerabilities and their remediation/ mitigation techniques
Working knowledge of regulatory and industry security standards (e.g. GDPR, HIPAA, PCI DSS, SOX, NIST, DORA and GLBA)
Working knowledge of penetration testing using industry best practices such as OWASP top 10, CWE/ SANS TOP 25 standards and Threat-Led Penetration Testing (TLPT)
Proficiency with documenting and reporting security issues and vulnerabilities, providing recommendations for remediation and demonstrating/ explaining to a wide audience
Relevant certifications (e.g., OSCP, CEH, CISSP) ar