Job Description
(Local candidates only, as a face-to-face interview is required)
Project Overview
The client is seeking an experienced Penetration Tester with strong expertise in Java application security to support large-scale enterprise applications. The role focuses on identifying, testing, exploiting, and helping remediate vulnerabilities across Java-based applications and infrastructure environments.
The ideal candidate will have a strong background in both software engineering and DevSecOps/security testing, with hands-on experience performing penetration testing, vulnerability assessments, secure code reviews, and application security analysis.
Key Responsibilities
- Conduct penetration testing and vulnerability assessments for Java applications and supporting infrastructure.
- Identify security vulnerabilities in Java code using both manual and automated testing techniques.
- Develop and execute custom exploits to simulate real-world attacker behavior.
- Collaborate with development teams to understand application architecture and identify security risks early in the SDLC.
- Work closely with QA and testing teams to support both manual and automated security testing efforts.
- Provide recommendations for secure coding practices and vulnerability remediation.
- Stay current with emerging Java security threats, vulnerabilities, and industry best practices.
- Support the improvement of secure software development lifecycle (SDLC) processes.
- Assist in responding to security incidents involving Java vulnerabilities and published NIST CVEs.
- Prepare detailed security assessment reports including technical findings, risk analysis, and remediation recommendations.
- Communicate security findings effectively to both technical and non-technical stakeholders.
- Contribute to the development of security standards and policies related to Java development and deployment.
- Analyze URLs, query parameters, browser data, tokens, cache behavior, and production vs. non-production environments for potential penetration paths.
- Apply knowledge of the MITRE ATT&CK Framework during security assessments.
Required Qualifications
- Bachelor's degree in Computer Science, Information Security, Software Engineering, or a related field.
- Minimum 6 years of experience in development and/or security roles.
- Prior experience in DevSecOps or application security within large-scale enterprise environments.
- Strong hands-on experience with Core Java development.
- Experience performing penetration testing and ethical hacking focused on Java applications.
- Strong understanding of web application security principles and OWASP standards.
- Knowledge of common web vulnerabilities including SQL Injection, Cross-Site Scripting (XSS), and related exploit techniques.
- Experience using penetration testing tools such as Burp Suite and Metasploit.
- Familiarity with Fortify on Demand SAST and DAST tools.
- Understanding of cryptography and secure communication protocols such as SSL/TLS.
- Strong analytical, troubleshooting, and problem-solving skills.
- Excellent written and verbal communication skills.
- High ethical standards and ability to handle confidential information.
Technical & Soft Skills
Technical Skills
- Core Java
- Penetration Testing
- Ethical Hacking
- Application Security
- DevSecOps
- OWASP Security Standards
- Burp Suite
- Metasploit
- Fortify on Demand (SAST/DAST)
- SQL Injection & XSS Testing
- Cryptography
- SSL/TLS
- MITRE ATT&CK Framework
- API Testing
- Secure Code Review
- Vulnerability Assessment
- SDLC Security Integration
Preferred Skills
- Security certifications such as OSCP, GWAPT, GXPN, GPEN, LPT, CEH, CISSP, or equivalent
- Python or Bash scripting
- Cloud security testing
- Mobile application penetration testing
- Knowledge of HIPAA compliance requirements
Soft Skills
- Strong communication and documentation skills
- Collaboration with cross-functional teams
- Critical thinking and analytical mindset
- Attention to detail
- Professional integrity and confidentiality
First seen 2026-05-10 00:48:01 · Last verified 2026-05-10 00:48:01
Pentest Careers · pentestcareers.com