Role: Security Tester
Location: Carmel, Indiana (onsite, all 5 days)
Contract position

Overview

We are seeking a Security Tester with strong hands-on experience in application security testing, vulnerability assessment, SAST/DAST tooling, and secure code review. The ideal candidate has expertise in Checkmarx, Nessus, IBM AppScan, and similar vulnerability scanning tools. This role requires a hands-on security engineer capable of identifying vulnerabilities, validating reported issues, and collaborating with DevOps, QA, and engineering teams to ensure secure application development.


Responsibilities

  • Perform application security testing using SAST/DAST tools such as Checkmarx and IBM AppScan, and vulnerability scanners such as Nessus.

  • Conduct vulnerability assessments, penetration testing, and secure code reviews for web and mobile applications.

  • Analyze scan reports, validate and reproduce reported vulnerabilities, and provide remediation guidance to development teams.

  • Perform API security testing, including authentication, authorization, token validation, and payload manipulation.

  • Implement security best practices across SDLC and CI/CD pipelines.

  • Document vulnerabilities, risk ratings, remediation steps, and mitigation strategies.

  • Work with cross-functional teams (Dev, QA, DevOps, Cloud) to ensure secure application design.

  • Maintain security testing documentation, test cases, and guidelines.

  • Continuously evaluate and integrate new security tools, techniques, and frameworks.

  • Work in Agile environments, performing sprint-based security testing.


Skills

  • Hands-on experience with Checkmarx (SAST), Nessus (Vulnerability Scanning), and IBM AppScan (DAST).

  • Strong understanding of OWASP Top 10, CWE, CVE, CVSS scoring, and secure coding principles.

  • Experience with API security, including token security, session management, and injection-based attacks.

  • Knowledge of web and API vulnerabilities such as XSS, CSRF, SQLi, authentication bypass, IDOR, SSRF, and RCE.

  • Ability to analyze SAST/DAST scan results, triage findings, and rule out false positives.

  • Hands-on scripting skills (Python, Bash, or PowerShell preferred).

  • Familiarity with cloud security concepts (AWS/Azure/GCP).

  • Strong documentation and reporting skills.