1. Strong hands on experience in Threat Modeling ,Secure Architecture Review and SAST

2. Deep understanding of application and API security concepts

3. Proficiency with SAST tools (e.g., Checkmarks, Fortify, Veracode, Semgrep)

4. Working knowledge of DAST tools (e.g., Burp Suite, OWASP ZAP, Acunetix)

5. Experience in Web and API penetration testing

6. Strong understanding of OWASP Top 10 and OWASP API Top 10

7. Strong communication skills to translate security findings into developer friendly guidance

8. Ability to collaborate with architects, developers, and leadership

9. Risk based mindset with focus on practical and scalable security solutions

10. Documentation and reporting skills

Good to have:

• Web application penetration testing

• API penetration testing



Responsibility of / Expectations from the Role



Threat Modeling, Secure Architecture Review, and Static Applicatio...