Software Test Engineering II-SUPPORT SERVICES-Applications-CTB

Job Title: Penetration Tester (Web Applications and REST APIs)

Location: Bengaluru 

Job Type: Full-time

About Us:

Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems.

Job Summary:

The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation.

Key Responsibilities:

• Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques
• Identify vulnerabilities in web applications, including but not limited to:
  • SQL injection
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Authentication and authorization weaknesses
  • Session management issues
• Test REST APIs for security vulnerabilities, including but not limited to:
  • Input validation and sanitization
  • Error handling and logging
  • Authentication and authorization mechanisms
  • Data encryption and transmission
• Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation
• Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner
• Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development

Requirements:

• 3+ years of experience in penetration testing, with a focus on web applications and REST APIs
• Strong understanding of web application security concepts, including but not limited to:
  • OWASP Top 10
  • Web Application Security Risks (WASR)
  • Secure Coding Practices
• Experience with various penetration testing tools, including but not limited to:
  • Burp Suite
  • ZAP
  • Nmap
  • AJP
  • SQL injection tools (e.g. sqlmap)
• Strong understanding of REST API security concepts, including but not limited to:
  • API Security Frameworks (e.g. OAuth 2.0)
  • Data encryption and transmission protocols (e.g. HTTPS)
  • Authentication and authorization mechanisms (e.g. JWT)
• Experience with scripting languages (e.g. Python, Ruby) is a plus
• Strong analytical and problem-solving skills
• Excellent communication and reporting skills

Nice to Have:

• CISSP or equivalent security certification
• CEH or equivalent penetration testing certification
• Experience with cloud-based services (e.g. AWS, Azure)
• Familiarity with Agile development methodologies
• Experience with DevOps tools (e.g. Docker, Jenkins)

What We Offer:

• Competitive salary and benefits package
• Opportunities for professional growth and development
• Collaborative and dynamic work environment
• Flexible working hours and remote work options