Job Description

Job Overview

We are seeking an experienced Penetration Tester with a strong focus on Java application security to help safeguard large-scale enterprise applications. The ideal candidate will have a solid development background, deep understanding of secure coding practices, and hands-on experience identifying and remediating vulnerabilities in Java-based environments.

Key Responsibilities

• Perform penetration testing and vulnerability assessments on Java applications and supporting infrastructure.
• Analyze Java source code using both automated and manual methods to uncover security flaws.
• Simulate real-world attacks by developing custom exploits and using penetration testing tools.
• Collaborate with development teams to understand application architecture and integrate security early in the SDLC.
• Work with QA teams to align penetration testing with manual and automated test strategies.
• Provide detailed, actionable guidance on remediation of security vulnerabilities.
• Stay current with the latest Java-specific threats, industry trends, and best practices.
• Respond to and investigate Java-related security incidents, particularly those involving published CVEs (e.g., NIST).
• Produce comprehensive technical reports, including risk assessments and mitigation strategies.
• Communicate findings and recommendations clearly to both technical and non-technical stakeholders.
• Contribute to the development of secure coding standards and internal security policies.
• Examine application behavior by manipulating URLs, browser data, tokens, and cache to identify vulnerabilities across production and non-production environments.
• Apply frameworks such as MITRE ATT&CK for threat modeling and assessments.

Required Qualifications

• Bachelor's degree in Computer Science, Information Security, or related field.
• Minimum 6 years of experience in application security or DevSecOps roles.
• Strong hands-on experience with Core Java development and secure coding practices.
• Proven background working on large-scale public sector or enterprise applications.
• Expertise in Java application penetration testing and ethical hacking techniques .
• Deep understanding of OWASP Top 10 , secure software development lifecycle (SDLC), and web application vulnerabilities (e.g., SQL Injection, XSS).
• Proficiency with industry-standard tools such as Burp Suite , Metasploit , Fortify SAST/DAST , etc.
• Working knowledge of cryptographic protocols (SSL/TLS) and secure communications.
• Strong scripting skills (e.g., Python, Bash) for automation and exploit development.
• Excellent problem-solving, communication, and documentation skills.
• High ethical standards and commitment to confidentiality.

Job Tags

Similar Jobs