Lead Engineer, Testing
Remote Working, India
Job Description: We are seeking a highly experienced Senior Security / VAPT Tester specializing in .NET applications to join our cybersecurity team. The ideal candidate will have extensive expertise in vulnerability assessment and penetration testing, particularly using Burp Suite, and will adhere to Application Security Practices (ASP) guidelines. This role requires a deep understanding of manual and automated security testing methodologies, with a strong focus on effective reporting of security findings and remediation recommendations.
Responsibilities:
- Vulnerability Assessment & Penetration Testing: Conduct thorough vulnerability assessments and penetration tests on .NET applications to identify security weaknesses and risks.
- Utilization of Burp Suite: Use Burp Suite extensively to analyze web application security, detecting issues such as SQL injection, cross-site scripting (XSS), and other vulnerabilities.
- Manual & Automated Testing: Execute both manual and automated security testing strategies, ensuring comprehensive coverage of application security requirements.
- Reporting & Documentation: Prepare detailed reports that outline security findings, including risk assessment, vulnerability descriptions, and actionable remediation strategies, ensuring clear communication with technical and non-technical stakeholders.
- Compliance & ASP Guidelines: Ensure that testing methodologies align with industry standards and ASP guidelines, maintaining a high standard of application security.
- Collaboration: Work closely with development teams to integrate security best practices throughout the software development lifecycle (SDLC).
- Training & Awareness: Mentor junior team members and conduct security awareness training for technical staff to promote a culture of security within the organization.
- Continuous Improvement: Stay updated on the latest security threats, vulnerabilities, and best practices to enhance security testing processes and tools.
Qualifications:
- Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Experience: 8-10 years of experience in security testing, specifically for .NET applications.
- Technical Proficiency: Strong proficiency in using Burp Suite for web application security testing.
- Security Methodologies: Solid understanding of manual and automated security testing methodologies, including penetration testing techniques.
- Reporting Skills: Demonstrated experience in preparing comprehensive security assessment reports and communicating findings effectively.
- Certifications: Relevant security certifications (e.g., CEH, OSCP, CISSP) are highly desirable.
- Analytical Skills: Excellent analytical, problem-solving, and critical-thinking skills.
- Communication: Strong written and verbal communication skills, capable of presenting technical information clearly and effectively.
Desirable:
- Experience with secure coding practices specific to .NET frameworks.
- Knowledge of cloud security principles and practices, particularly in Azure environments.
- Familiarity with compliance standards such as PCI-DSS, HIPAA, and GDPR.