REF45531B-VAPT - Senior Analyst - Security Specialist

Company Description

WNS (Holdings) Limited (NYSE: WNS), is a leading Business Process Management (BPM) company. We combine our deep industry knowledge with technology and analytics expertise to co-create innovative, digital-led transformational solutions with clients across 10 industries. We enable businesses in Travel, Insurance, Banking and Financial Services, Manufacturing, Retail and Consumer Packaged Goods, Shipping and Logistics, Healthcare, and Utilities to re-imagine their digital future and transform their outcomes with operational excellence.We deliver an entire spectrum of BPM services in finance and accounting, procurement, customer interaction services and human resources leveraging collaborative models that are tailored to address the unique business challenges of each client. We co-create and execute the future vision of 400+ clients with the help of our 44,000+ employees.

Job Description

• Core Responsibilities of Conduct comprehensive security assessments of web applications to identify vulnerabilities such as SQL injection, XSS, CSRF, and other OWASP
• Top 10 vulnerabilities. + With bypass methods o Work closely with developers to provide actionable recommendations for mitigating identified issues.
• Perform security assessments on RESTful and SOAP APIs to identify security flaws, including improper authentication, authorization, and data exposure.
• Ensure APIs are securely integrated with other systems and follow best security practices.
• Conduct security testing on mobile applications (iOS and Android) to detect vulnerabilities like insecure storage, weak encryption, and insecure communication.
• Collaborate with mobile development teams to provide secure coding practices and remediation guidance.
• Perform penetration tests on thick client applications, focusing on client-server communication, application logic, and security controls.o Identify weaknesses and recommend appropriate security enhancements.

Required Skills:

• Extensive experience in Web Application Security and penetration testing.

• Strong expertise in API Security with knowledge of common vulnerabilities and attack vectors.

• Hands-on experience with Mobile Application Security testing (iOS and Android).

• Proficiency in Thick Client Security assessment.

• Familiarity with tools such as Burp Suite, OWASP ZAP, Postman, Frida, Qualys, and other relevant penetration testing tools.

• Knowledge of OWASP, SANS, and other relevant security frameworks.

• Strong analytical skills and attention to detail.

• Vulnerability Management skills with experience using tools like Qualys would be a plus point.

Additional Skills:

• Excellent communication skills (written and verbal) for preparing and delivering security reports.

• Ability to work independently and as part of a team.

• Strong problem-solving skills and a proactive approach to identifying security risks.

• Continuous learning mindset with a passion for staying ahead in the field of cybersecurity.

Preferred Qualifications:

• We prefer candidates with certifications such as OSCP, EWPTX, CRTP, CRTE, or CPTS.

Qualifications

1. Bachelors Degree 2. Candidates with either of certifications such as OSCP, EWPTX, CRTP, CRTE, or CPTS would be preferred.