Sr. Consultant-PQE Source code Review

Sr. Consultant – PQE Source Code Review

Ref: JN-052025-786587 Experience Range: 5–8 years Vertical: Service Operation and Cloud Engineering

Job Summary

We are looking for a skilled Senior Consultant with deep experience in application security, source code review, and penetration testing. The role focuses on securing applications across web, mobile, API, and cloud ecosystems, and driving secure development practices through collaboration, tooling, and remediation guidance.

Key Responsibilities

• Perform manual and automated security assessments on web, mobile, API, and cloud-based applications.
• Conduct penetration testing (black box, gray box, white box) across diverse systems and environments.
• Identify, exploit, and document vulnerabilities including OWASP Top 10, SANS 25, business logic flaws, and misconfigurations.
• Conduct secure code reviews in languages like Java, .NET, Python, and JavaScript to detect and mitigate risks.
• Leverage security tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, Nikto, Postman, Nessus, and others.
• Collaborate with development teams to offer remediation guidance and verify security fixes.
• Support DevSecOps initiatives by integrating security into CI/CD pipelines.
• Stay updated on emerging vulnerabilities, CVEs, and exploit techniques.
• Prepare detailed reports, developer-friendly documentation, and executive summaries for key stakeholders.
• Participate in security incident response and forensic investigations, as needed.

Key Competencies

• Proven ability to execute deep-dive source code analysis and identify complex security vulnerabilities.
• Expertise in secure development lifecycle (SDLC) and secure design principles.
• Excellent communication skills to effectively liaise with developers, architects, and management.
• Ability to handle high-risk findings, prioritize remediation, and drive continuous improvement.
• Strong analytical mindset with attention to detail and investigative problem-solving capability.