Role Overview:
The Application VAPT Engineer is responsible for identifying security vulnerabilities in web applications, APIs, and source code to ensure secure digital platforms.
Key Responsibilities:
- Conduct Web and API penetration testing.
- Perform Static Application Security Testing (SAST) and Software Composition Analysis (SCA).
- Identify OWASP Top 10 and business logic vulnerabilities.
- Perform manual exploitation and false-positive validation.
- Prepare detailed vulnerability assessment reports with remediation guidance.
- Support re-testing and vulnerability closure.
- Collaborate with development and DevOps teams.
Educational Qualification:
- Bachelor’s degree in Computer Science, IT, or Cybersecurity.
Relevant Certifications (Preferred):
- CEH (Certified Ethical Hacker)
- GWAPT
- OSCP / eJPT
- DevSecOps certifications (optional)
Key Expertise:
- Web and API security testing
- SAST, SCA, and secure code review
- OWASP Top 10 and API Top 10
- Tools: Burp Suite, OWASP ZAP, Snyk, Checkmarx, Fortify
- CI/CD security integration
Experience: 3–5 Years