Application Security Tester, VAPT 4-6 Yrs || Mumbai

Company Description

WNS (Holdings) Limited (NYSE: WNS), is a leading Business Process Management (BPM) company. We combine our deep industry knowledge with technology and analytics expertise to co-create innovative, digital-led transformational solutions with clients across 10 industries. We enable businesses in Travel, Insurance, Banking and Financial Services, Manufacturing, Retail and Consumer Packaged Goods, Shipping and Logistics, Healthcare, and Utilities to re-imagine their digital future and transform their outcomes with operational excellence.We deliver an entire spectrum of BPM services in finance and accounting, procurement, customer interaction services and human resources leveraging collaborative models that are tailored to address the unique business challenges of each client. We co-create and execute the future vision of 400+ clients with the help of our 44,000+ employees.

Job Description

Role Overview:

As an Application Security Tester, you should have good technical knowledge and will be responsible for conducting security assessments across various platforms, including web applications, APIs, Gen AI, Chatbots, mobile applications, and thick client environments.

Your expertise will play a crucial role in identifying vulnerabilities and working with development teams to implement effective remediation strategies.

• Core Responsibilities

• Conduct comprehensive security assessments of web applications based on CI/CD, Gen AI, Cloud to identify OWASP Top 10 and any other vulnerabilities affecting application security+ With bypass methods

• Work closely with developers to provide actionable recommendations for mitigating identified issues.

• Perform security assessment on API adhering to OWASP API security risk and ensure secure integration of API with respective application

• Conduct security testing on mobile applications (iOS and Android) to detect vulnerabilities like insecure storage, weak encryption, and insecure communication.

• Should have knowledge of testing Gen AI applications

• Perform testing on thick client applications, focusing on client-server communication, application logic, and security controls.

• Identify weaknesses and recommend appropriate security enhancements.

Continuous Improvement:

Stay updated on the latest threats, vulnerabilities, and security trends.

Continuously enhance testing methodologies to address emerging security challenges.

Required Skills:

• Extensive experience in Web Application Security.

• Strong expertise in API Security with knowledge of common vulnerabilities and attack vectors.

• Hands-on experience with Mobile Application Security testing (iOS and Android).

• Proficiency in Thick Client Security assessment.

• Familiarity with tools such as Burp Suite, OWASP ZAP, Postman, Frida, Qualys, and other relevant testing tools.

• Knowledge of OWASP, SANS, and other relevant security frameworks.

• Strong analytical skills and attention to detail.

• Vulnerability Management skills with experience using tools like Qualys would be a plus point.

Qualifications

• Bachelor’s degree with either of certifications such as OSCP, EWPTX, CRTP, CRTE, or CPTS would be given high weightage