Pentester
About the job Pentester
Simpaisa is looking for a motivated Penetration Tester / Application Security Engineer with 2+ years of hands-on experience in identifying and exploiting vulnerabilities in web applications and APIs. The role will involve performing penetration testing, application security assessments, and secure development support for modern applications.
Candidates with Java development experience or familiarity with Java-based application architectures will be strongly preferred. Experience with cloud environments and identity systems such as AWS and Azure Active Directory (AAD) will be considered an advantage.
Key Responsibilities:
- Perform manual penetration testing on web applications and APIs.
- Conduct API security testing including authentication, authorization, data validation, and rate-limiting assessments.
- Identify vulnerabilities including OWASP Top 10 issues such as SQL Injection, XSS, CSRF, SSRF, IDOR, authentication bypass, and security misconfigurations.
- Conduct secure code reviews with emphasis on Java applications.
- Use security tools to assist manual testing activities and validate findings.
- Assist in static and dynamic security testing (SAST / DAST) activities.
- Perform application threat modeling and security design reviews.
- Work with engineering teams to improve security architecture and design.
Required Skills & Qualifications:
- 2+ years of experience in Penetration Testing or Application Security.
- Strong understanding of Web Application Security and OWASP Top 10.
- Experience testing Web Applications and REST APIs.
- Familiarity with Java application architecture and secure coding practices.
- Knowledge of authentication mechanisms such as OAuth, JWT, SAML, and session management.
- Understanding of secure SDLC and application security principles.
- Strong analytical and communication skills.
- Experience in Java development or Java code review for security issues.