Application Security & Penetration Testing Specialist

ONSITE ROLE


PEN Testing


Role Summary
The Application Security & Penetration Testing Specialist will be responsible for conducting security assessments across web, mobile, thick client, and instrumented applications. The role includes vulnerability analysis, criticality-based reporting, and close collaboration with development, application, and product teams to support remediation. The position also provides platform administration and analytics support for SAST, DAST, SCA, and vulnerability management tools, along with cloud and infrastructure assistance as required.


Key Responsibilities
Instrument / Network Penetration Testing
• Conduct security testing of instrumented or connected applications, including exposed network services and interfaces
• Use Nessus / Tenable.SC for vulnerability scanning and configuration assessment
• nalyse and prioritize vulnerabilities based on criticality
• Prepare detailed vulnerability reports and support application teams during remediation


Web Application Penetration Testing
• Perform security scanning and manual penetration testing of in-scope web applications
• Identify, analyze, classify, and prioritize vulnerabilities based on agreed standards such as:
o OWASP Top 10
o CVSS / CVS
o Organization-specific security standards
• Produce criticality-based vulnerability reports with clear remediation guidance
• Provide clarification and consultation support to Application, Development, and Asset Owner teams during vulnerability remediation


Mobile Application Penetration Testing
• Conduct security testing of in-scope mobile applications (Android/iOS)
• nalyze identified vulnerabilities and prioritize them based on severity and business risk
• Generate criticality-based reports for stakeholders
• Support application teams with remediation-related clarifications


Thick Client Penetration Testing
• Perform security assessments of thick client applications
• nalyze vulnerabilities related to client-server communication, authentication, authorization, and data protection
• Prioritize findings and prepare severity-based reports
• Provide consultation support to development and application teams


Additional Security Platform & Tooling Support SAST (Static Application Security Testing)
• Provide operational and administrative support for:
o Coverity on Polaris
o Polaris
o GitHub Application Security
• Manage user access, configurations, and scan operations
• Import SAST data into Power BI for:
o Security trend analysis
o Risk dashboards
• Generate management and operational reports from Power BI


DAST (Dynamic Application Security Testing)
• Provide support for WhiteHat DAST tool operations
• dminister tool configurations and access
• Import scan data into Power BI for analytics and reporting
• Generate vulnerability trend and compliance reports


SCA (Software Composition Analysis)
• Provide support for Black Duck SCA
• dminister tool usage, scan scheduling, and configurations
• Import vulnerability and license risk data into Power BI
• Generate trend, risk, and compliance reports


Vulnerability Management (Tenable)
• Provide support for Tenable.SC / Nessus
• Run vulnerability scans for product teams as required
• Provide tool administration, configuration, and access management
• Import scan data into Power BI
• Generate vulnerability posture and trend reports


Required Skills & Competencies
Technical Skills
• Strong knowledge of:
o Web, Mobile, Thick Client, and Network Security
o OWASP Top 10, CVSS, secure coding concepts
• Hands-on experience with:
o Nessus / Tenable.SC
o WhiteHat DAST
o Black Duck SCA
o Coverity / Polaris / GitHub Security
o Power BI (data import, analysis, dashboard creation)
• Understanding of AWS Cloud, containers, and infrastructure security
• Exposure to Jira administration
Soft Skills
• Strong analytical and problem-solving skills
• bility to communicate security risks clearly to technical and non-technical stakeholders
• Collaborative mindset with application, development, and product teams
• Good documentation and reporting skills


Preferred Qualifications
• Certifications such as:
o CEH, OSCP, GWAPT, AWS Security Specialty (preferred)
• Experience in regulated or enterprise environments
• Familiarity with DevSecOps practices and CI/CD security integration

Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.