Web Application Security Test Engineer

RANJIT NAIR
Seattle, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Seattle, United States of America

Tech stack

Software System Penetration Testing
Biometrics
Burp Suite
Static Program Analysis
Multi-Factor Authentication
Fiddler (Software)
Identity and Access Management
Open Web Application Security
Public Key Infrastructure
Web Application Security
Web Applications
Enterprise Software Applications
Software Security
Static Application Security Testing
Dynamic Application Security Testing

Requirements

This is a Web Application Security Testing role, not a penetration testing position. The focus is on candidates who have hands-on experience testing real enterprise-level web applications (such as banking platforms or other large-scale applications), rather than performing generic or exploratory penetration testing.

  • The ideal candidate must have a deep understanding of OWASP Top 10 vulnerabilities, including the ability to clearly explain the root cause of each vulnerability, how to test for it, and how to fix it.
  • Strong knowledge of SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) is key in this role, along with hands-on experience using tools like Burp Suite and similar security testing platforms.
  • A key requirement of the role is strong expertise in authentication and authorization testing, including areas such as login systems, password-based authentication, multi-factor authentication (MFA/OTP), biometrics, and understanding potential failure points within these flows.
  • Beyond identifying vulnerabilities, the candidate must act as a security advisor to development teams. This means not only detecting issues but also being able to explain the root cause, recommend solutions, and guide developers on how to remediate them effectively.

In short, they need a Web Application Security expert who can deeply understand vulnerabilities, test them in real enterprise systems, and guide developers on fixing them, not just a penetration tester.

  • Deep understanding of different web application technologies, web protocols (HTTP, HTTPS, etc.), browser technologies, etc.
  • In-depth domain understanding of application security in terms of Identity and Access Management (IAM) and different authentication technologies (passwords, biometrics, OTP, digital certificates & PKI, device authentication, FIDO U2F/Passkeys, etc.).
  • Proven expertise with different security testing tools (proxy tools like Fiddler, black-box security testing tools like Burp, static security code analysis tools).
  • Deep understanding of different application security vulnerabilities such as OWASP Top 10, SANS Top 25, CWE, attack patterns (CAPEC), etc.

About the company

Sensiple Inc is a New Jersey corporation with over two decades of expertise in technology-driven solutions specialising in Customer Experience, Contact Center Solutions, Digital Transformation, Cloud Computing & Independent Testing. With an expert team that has enriched experience in executing & developing sustainable IT strategies in Healthcare, Technology, Retail, Logistics, Education, Telecommunications, Government and Media, we help our diverse customers to envision the future. By developing highly scalable and consistent solutions, our primary goal is to deliver excellence at all levels and delight our customers and drive them to a better future.
