Security Analyst - API Security

As a Web Application Security Tester at Lennox, you will be responsible for performing Dynamic Application Security Testing (DAST) on APIs and web applications using both manual and automated methods. Your role will involve analyzing DAST scan results, identifying and prioritizing vulnerabilities based on risk, and participating in triage sessions with application teams to explain and document vulnerabilities. You will also conduct deep API security testing to uncover issues like BOLA, logic flaws, and abuse scenarios, as well as perform red teaming, adversary emulation, and use offensive security tools as needed. In addition to DAST, you may also be required to conduct Static Application Security Testing (SAST) and understand the differences between the two. Utilizing and maintaining various security tools such as Burp Suite, NetSparker, Checkmarx, Veracode, and Fortify will be part of your responsibilities. Collaboration with developers, DevOps, and security teams to address identified vulnerabilities and effectively communicating security findings to both technical and non-technical audiences are crucial aspects of the role. Your qualifications for this position include a minimum of 5-7 years of experience in Web Application Security Testing, including DAST, SAST, and API Security. You should have a strong knowledge of API security principles and common vulnerabilities, along with proficiency in Kali Linux penetration testing tools and a working knowledge of HTML and JavaScript. Additional expertise in front-end and back-end technologies is advantageous, as well as exposure to common web vulnerabilities and bug bounty programs. Experience in security testing of mobile apps and IoT applications, familiarity with DAST and SAST tools, strong analytical and problem-solving skills, and excellent written and verbal communication abilities are essential for success in this role. Possessing security certifications focused on web application security, such as Offensive Security, SANS, CREST, etc., will be considered a strong plus. Join Lennox and contribute to improving security testing processes and strategies while growing your career in a supportive and innovative environment.,