Application Penetration Tester

**Job Title**: Application Penetration Tester & Secure Code Reviewer (Urgent Requirement)

**Location**: Mumbai (Hybrid)

**Department**: Information Security / Application Security

**Reports To**: CISO, Mswipe Technologies Pvt. Ltd.

**Role Overview**

Mswipe Technologies is seeking a skilled **Application Security Specialist** proficient in **penetration testing and secure code review** to strengthen the security posture of its payment and fintech platforms.

This role requires close collaboration with developers, QA, and infrastructure teams to embed security within the **Secure SDLC (SSDLC)** and **DevSecOps** environment.

**Key Responsibilities**

**1. Application Penetration Testing**
- Identify vulnerabilities related to **OWASP Top 10** categories such as Injection, Broken Authentication, Security Misconfigurations, and Sensitive Data Exposure.
- Simulate real-world attack vectors to assess exploitability and impact.
- Validate fixes and perform **retesting** post-remediation.
- Prepare detailed reports with **risk severity, technical details, business impact, and mitigation recommendations.**:
**2. Secure Code Review**
- Conduct **manual and tool-assisted code reviews** (Java, Python,.NET, Node.js, PHP, etc.) to detect security weaknesses aligned with **CWE/SANS Top 25**.
- Identify issues such as **improper input validation, insecure deserialization, broken access control, SQL injection**, and other common coding flaws.
- Provide **secure coding recommendations** and work closely with developers to remediate issues.
- Develop and maintain **Mswipe’s secure coding guidelines, checklists, and best practices.**:

- Participate in **code walkthroughs** and educate developers on secure coding techniques.

**3. Collaboration & Security Integration**
- Collaborate with product, engineering, and QA teams to **embed security within SDLC** stages.
- Support **threat modeling** and **architecture security reviews** for new features or system integrations.
- Conduct **developer training sessions** on OWASP, secure coding, and common attack prevention.

**Required Skills & Experience**
- Strong understanding of **OWASP Top 10**, **CWE/SANS Top 25**, and **OWASP ASVS** standards.
- Hands-on experience with tools such as:

- **Burp Suite Pro**, **OWASP ZAP**, **Postman**, **MobSF**, **Frida**, **Drozer**, **apktool**, **Metasploit**:

- **SAST tools**: SonarQube, Checkmarx, Fortify, Veracode
- **DAST tools**: OWASP ZAP, Netsparker, Acunetix
- Familiarity with **secure coding practices** in Java, JavaScript, Python, or similar languages.
- Knowledge of **API security**, **JWT/OAuth2**, and **cryptographic controls**.
- Strong communication skills to translate technical risks into business context.

**Preferred Certifications**
- **Offensive Security**: OSCP, OSWE, eWPT, GPEN, GWAPT (Anyone is Mandatory)
- **AppSec & Secure Coding**: CSSLP, CEH (Practical), eCPPT (Anyone is Mandatory)
- **Compliance Familiarity**: PCI DSS, ISO 27001, SOC 2

**Soft Skills**
- Analytical and methodical approach to problem-solving.
- Attention to detail and thorough documentation habits.
- Excellent written and verbal communication.
- Team player with proactive attitude and learning mindset.

**Performance Indicators**
- Reduction in recurring vulnerabilities across sprints.
- Code review coverage and vulnerability closure rate.
- Developer feedback and improvement in secure coding maturity.

**Work Mode & Environment**
- **Hybrid role**: 3 days per week from Mswipe’s Mumbai office.
- Opportunity to work closely with **security engineers, DevOps, and product teams** in an agile setup.

Pay: ₹900,000.00 - ₹1,100,000.00 per year

**Benefits**:

- Health insurance
- Paid sick time
- Provident Fund

Work Location: In person