Senior Web Application Penetration Testing Engineer
Sony India Software Centre
India, Karnataka, Bengaluru
Full-Time
On-site
Posted 4 hours ago
Apply by June 10, 2026
Job Description
Job Title: Senior Web Application Penetration Testing Engineer
Company Name: Sony India Software Centre
As a Senior Web Application Penetration Testing Engineer at Sony India Software Centre, you will be responsible for identifying and mitigating security vulnerabilities within web applications and services. You will conduct comprehensive penetration tests, vulnerability assessments, and security audits to ensure the integrity and security of our software products. Additionally, you will work closely with development teams to provide guidance on best security practices and support in the implementation of secure coding standards. Your expertise will help drive a culture of security awareness and foster secure development practices across the organization.
Key Responsibilities
- 8+ years of experience. Work timings are 9 AM to 6 PM.
- Conduct thorough penetration testing of web applications to identify security weaknesses.
- Operate a hands-on role involving penetration testing and vulnerability assessment activities of all types of applications, networks, Web services/APIs and mobile applications/devices.
- Perform vulnerability assessments and security audits of web applications and services.
- Analyze test results and create detailed reports on findings, vulnerabilities, and recommendations for remediation.
- Collaborate with software development teams to integrate security practices into the software development lifecycle (SDLC).
- Stay updated with the latest security threats, vulnerabilities, and industry trends to continuously improve testing methodologies.
- Provide training and support for development teams on secure coding practices and security measures.
- Assist in the development of security policies, standards, and guidelines for web applications.
- Work closely with the application development teams, technology teams, and other members of the Information Security team to identify and remediate security issues as part of Incident Response.
- Develop and maintain a formal reporting process highlighting results, conclusions, and recommendations that can be viewed by peers and senior management.
- Ability to articulate risks and findings to management.
- Excellent communication skills, both written and verbal.
- Critical thinking and good problem-solving abilities.
- Organized planning and time management skills are preferred.
- Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network.
- Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
- Strong knowledge of web application security vulnerabilities (e.g., OWASP Top Ten).
- Proficiency in penetration testing tools such as Burp Suite, OWASP ZAP, Metasploit, and others.
- Experience with web application frameworks and technologies (e.g., HTML, JavaScript, CSS, API security).
- Use manual techniques to exploit identified vulnerabilities such as cross-site scripting, SQL injection, session hijacking, and buffer overflows to obtain controlled access to target systems.
- Perform exploit analysis for identified vulnerabilities manually, with custom scripts, or with tools such as Metasploit.
- Participate in multiple organizational areas such as security architecture and design, SAST, SCA, Pentesting and client communication.
- Experience in preparing a security threat model and associated test plans.
- Experience in translating complex security threats into simpler procedures so that web application developers, systems administrators, and management can understand security testing results.
- In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred.
- Understanding of networking concepts and protocols (e.g., TCP/IP, HTTP/S).
- Ability to analyze and evaluate security design and implementation in web applications.
- Excellent communication skills to articulate security risks and recommendations to technical and non-technical stakeholders.
- Relevant certifications (e.g., CEH, OSCP, OSCP+) are preferred.
- Knowledge of current information security threats. Good understanding of coding best practices and standards.
Manual Penetration Tester with Exploitation Skills, Secure Design Review, SAST, SCA
About The Role
In this position, you will focus on conducting thorough penetration testing for web applications to identify vulnerabilities and assess security risks. You will work on enhancing the security posture of Sony's web applications, ensuring they meet industry standards and best practices. Collaborating with cross-functional teams, you will contribute to the overall security strategy of the organization.
About The Team
You will be a part of a dedicated security team that emphasizes collaboration and continuous learning. The team consists of experienced professionals with varied backgrounds in cybersecurity, software development, and risk management. Together, you will foster an environment that encourages innovation and the sharing of knowledge to stay ahead of emerging threats.
You Are Responsible For
- Conducting comprehensive penetration tests on web applications to identify security vulnerabilities.
- Developing detailed reports that outline findings, risk assessments, and recommendations for remediation.
- Collaborating with development and operations teams to ensure security best practices are integrated into the software development lifecycle.
- Keeping up to date with the latest security trends, tools, and methodologies to enhance testing capabilities.
To succeed in this role – you should have the following:
- Proven experience in web application penetration testing, including familiarity with common security vulnerabilities such as OWASP Top Ten.
- Strong knowledge of web technologies, protocols, and application architectures.
- Proficiency in using various penetration testing tools and frameworks.
- Excellent problem-solving skills and the ability to communicate complex security concepts to technical and non-technical stakeholders.
Required Skills
Communication
Networking
Time Management
Reporting
JavaScript
SDLC
Python
SQL
Training
Client Communication
Critical Thinking
Ruby
Scala
Perl
HTML
CSS
Penetration Testing
Vulnerability Assessment
Metasploit
Burp Suite
OWASP ZAP
PowerShell
Information Security
Testing
Web Services
HTTP
Scripting
Testing methodologies
Scripting language
Security design
Security Testing
Application development
Remediation
SAST
Incident response
API security
TCP
Cross-site scripting
Testing frameworks
SCA
Target
Vulnerability
Zap
Vulnerabilities
Testing tools
Testing methodology
Application security
Networking concepts
Burp
Security Audits
Cross-site
Java
Security practices
Articulate
OWASP
Protocols
Secure Coding
Test Plans
Threat
Incident
Buffer