Senior Application Security Engineer (KE)

Required Skillsets

Technical Skills

• 5+ years of penetration testing experience
  

• Deep knowledge of:
  

  • OWASP Top 10 (Web, API)
    

  • Business Logic Exploitation
    

  • Authentication and session management flows
    

  • SSRF, RCE, injection flaws
    

• Experience with AI assisted penetration testing tools
  

• Understanding of LLM-based attacks, prompt injection risks, AI model abuse vectors
  

Experience with tools such as:

• Burp Suite (Advance Usage)
  

• Nmap
  

• Nessus
  

• Metasploit
  

• SAT/DAST tools
  

• Mobile testing tools (MobSF, Frida, Objection)
  

Advanced Penetration Testing

• Conduct manual and automated penetration testing across:
  

  • Web applications
    

  • API (REST, GraphQL, SOAP)
    

  • Mobile applications (iOS & Android)
    

  • Cloud-native workloads and containerized environment
    

  • Infrastructure
    

• Perform black-box and white box testing
  

• Perform business logic testing
  

• Validate and exploit findings to demonstrate real business risk
  

• Conduct threat modeling and attack surface analysis
  

AI & Autonomous Pentesting

• Design, operate and optimize AI-Driven autonomous pentesting platforms
  

• Tune LLM-Based testing agents and attack orchestration workflows
  

• Validate AI generated findings and reduce false positives
  

Reporting & Leadership

• Produce executive level reporting and technical reports
  

• Present findings to business, engineering and executive stakeholders
  

• Provide remediation guidance with practical implementation advice
  

• Mentor junior testers
  

• Contribute to internal security standards and processes