Security Analyst - API Security
Chennai, India
⚠️ We'll shut down after Aug 1st - try foo🦍 instead ⚠️
Lennox International
Explore Lennox comfort and energy-efficient solutions for heating and cooling your space. Upgrade your home's HVAC system with industry-leading solutions.Company Profile
Lennox (NYSE: LII) Driven by 130 years of legacy, HVAC and refrigeration success, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and creates a workplace where all employees feel heard and welcomed. Lennox is a global community that values each team member’s contributions and offers a supportive environment for career development. Come, stay, and grow with us.
Job Description
Perform Dynamic Application Security Testing (DAST) on APIs and web applications using both manual and automated methods.
Analyze DAST scan results, identify and prioritize vulnerabilities based on risk.
Participate in triage sessions with application teams to explain and document vulnerabilities.
Conduct deep API security testing (REST, SOAP, GraphQL) to uncover issues like BOLA, logic flaws, and abuse scenarios.
Perform red teaming, adversary emulation, and use offensive security tools (if applicable).
Craft custom exploit chains and adaptive payloads to validate vulnerabilities (e.g., deserialization, command injection, broken access control).
Maintain and improve custom testing scripts, payload repositories, and test cases.
Conduct Static Application Security Testing (SAST) as needed and understand differences from DAST.
Use and maintain various security tools (e.g., Burp Suite, NetSparker, Checkmarx, Veracode, Fortify).
Collaborate with developers, DevOps, and security teams to address identified vulnerabilities.
Communicate security findings effectively to both technical and non-technical audiences.
Maintain thorough documentation of security tests, findings, and remediation efforts.
Contribute to improving security testing processes and strategies.
Qualifications
Experience: 5–7 years in Web Application Security Testing, including DAST, SAST, and API Security.
Strong knowledge of API security principles and common vulnerabilities.
Proficiency in Kali Linux penetration testing tools like SQLMAP, Dirbuster, etc.
Working knowledge of HTML and JavaScript.
Added advantage: Proficiency in front-end (e.g., .NET, Java) and back-end technologies (e.g., Oracle).
Exposure to common web vulnerabilities such as SQL Injection, XSS, CSRF; experience in bug bounty programs is a plus.
Experience in security testing of mobile apps and IoT applications is a bonus.
Familiarity with security testing tools:
DAST tools: Burp Suite, NetSparker
SAST tools: Checkmarx, Veracode, Fortify
Strong analytical and problem-solving skills.
Excellent written and verbal communication skills.
Security certifications (Offensive Security, SANS, CREST, etc.) focused on web application security are a strong plus
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs Application security Burp Suite Checkmarx CREST CSRF DAST DevOps Exploit IoT Java JavaScript Kali Linux Offensive security Oracle Pentesting Red team SANS SAST SQL SQL injection Veracode Vulnerabilities XSS
Perks/benefits: Career development
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.