Application Security Testing Manager

We are looking for a person with good knowledge of web and mobile applications security testing, proven experience of handling large-scale security testing projects, including static and dynamic assessment methods for web, mobile and API s. it will be required to demonstrate the knowledge of common attacks for mobile, web and API systems and relevant methods of their remediation, secure design patterns of business flows within web and mobile applications, cryptography specifications (TLS, X.509, hashing and encryption algorithms, handshake) and their common implementation flaws, basic understanding for authentication standards (Oauth 2.0, Open ID Connect, SAML).

Demonstrable knowledge about test management using Jira or similar tools, test case set-up, report generation, defect management lifecycle and risk scoring using industry standard methodologies like CVSS. The role will be responsible for driving security testing activity, ensuring the timely delivery of assessments and collaborating with cross-functional teams in an implementation project for our clients.

Principal Duties and Responsibilities:

• Lead and manage a team of application security testers to execute comprehensive security testing across web, API, and mobile
• Plan and prioritize testing activities to ensure timely delivery of security assessments and actionable remediation plans.
• Conduct and direct, hands-on application security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and / or Mobile Application Security Testing (MAST) and / or Software Composition Analysis (SCA).
• Produce clear and concise documentation like test strategy, test plan, testing report, issue summary along with prioritization based on risk and impact of the issue identified.
• Work closely with Development, QA, and DevOps teams to embed security throughout the Software Development Lifecycle (SDLC).
• Champion OWASP Top 10, CWE, and other global security standards across engineering practices.
• Effectively manage reporting to client and different stakeholders on testing progress, issues, risks and collaborate on remediation of risks for testing process.
• Monitor emerging threats and security trends, recommending improvements and countermeasures as needed.
• Provide ongoing mentorship and training to junior team members and promote a security-first mindset.
• Represent application security in cross-functional discussions and audits.

Background and Skills:

• 8 15 years of experience in Application Security Testing, with at least 2 3 years in a leadership or managerial role.
• Proven experience in manual security testing techniques beyond tool-based scanning.
• Strong hands-on expertise with SAST, DAST and SCA tools and frameworks.
• Experience testing a range of applications including Web, RESTful APIs, and Mobile apps.
• Deep understanding of OWASP Top 10, CWE, secure coding practices, and vulnerability mitigation techniques.
• Familiarity with DevSecOps principles and integrating security testing into CI/CD pipelines
• Strong communication, stakeholder management, and reporting skills.
• Relevant certifications such as OSCP, CEH, GWAPT, or equivalent are a plus.