Job Description

Job Summary:

Client is seeking an Application Offensive Security Consultant to join its Application Security team under the Technology Risk initiative. This role involves conducting offensive security assessments on applications and providing subject matter expertise to ensure application security best practices are followed.

The ideal candidate will have a strong background in manual application security testing , hands-on experience with red teaming/adversarial assessments , and a passion for exploring and improving software security.

Key Responsibilities:

• Conduct offensive security testing on web applications and APIs.
• Perform manual application threat hunting to identify risks and weaknesses.
• Identify vulnerabilities using manual methodologies and tools - not just scanners.
• Generate detailed vulnerability assessment reports for remediation efforts.
• Provide expert input on application security enhancements.
• Collaborate with Security Architects, Product Managers, Risk Managers , and cross-functional teams to support secure development.

Required Qualifications:

• 6+ years of experience testing web applications.
• 4+ years of hands-on experience with application penetration testing tools like Burp Suite and OWASP ZAP .
• Proven ability to manually discover and exploit vulnerabilities from the OWASP Top 10 without relying solely on automated tools.
• Working knowledge of the MITRE ATT&CK Framework and adversarial techniques.
• Bachelor's degree or equivalent work experience.
• Strong understanding of offensive security methodologies and how to apply them effectively.

Preferred (Nice to Have):

• Offensive security or penetration testing certifications (e.g., OSCP, OSCE).
• Certificates of attendance for red teaming or penetration testing training.
• Active participation in CTF competitions or platforms like HackTheBox , TryHackMe .
• Ability to multitask, work under pressure, and remain flexible.

Job Tags

Similar Jobs