-
View all jobs
Who We Are
NTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team.
What You’ll Be Doing
NTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team.
What You’ll Be Doing
- Conduct security assessments for web apps, APIs, and mobile apps under limited supervision.
- Perform OWASP Top 10 and advanced penetration testing (authenticated/unauthenticated).
- Assess API security (REST, GraphQL, SOAP) and test auth, session management, and access controls.
- Identify business logic flaws and exploit vulnerabilities.
- Perform manual/automated secure code reviews across multiple languages.
- Identify vulnerabilities (injection, XSS, insecure dependencies) and review architecture for weaknesses.
- Analyze third-party libraries, cryptographic implementations, and secure data handling.
- Provide actionable remediation guidance and secure coding recommendations.
- Assess iOS/Android apps, including reverse engineering and binary analysis.
- Test data storage, transmission, backend APIs, and mobile authentication mechanisms.
- Evaluate permissions, intents, IPC, and mobile-specific vulnerabilities (e.g., insecure storage).
- Integrate security testing into CI/CD pipelines and DevOps workflows.
- Configure and optimize SAST, DAST, and SCA tools; develop automation scripts.
- Implement security gates, reusable test cases, and support shift-left security initiatives.
- Analyze findings, determine risk severity, and produce detailed reports with remediation guidance.
- Validate fixes post-remediation, track findings to closure, and maintain vulnerability metrics.
- Present results to development teams and management.
- Review application designs for weaknesses against OWASP ASVS and security standards.
- Evaluate authentication/authorization models, data flows, and threat models.
- Support secure design workshops and threat modeling sessions.
- Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related field
- Minimum 5–10 years of experience in cybersecurity or IT security roles.
- Strong knowledge of OWASP Top 10, OWASP ASVS, and web application security principles
- Solid experience with web application penetration testing tools and methodologies
- Proficiency in identifying and exploiting common application vulnerabilities
- Understanding of API security testing for REST, GraphQL, SOAP, and microservices
- Knowledge of mobile application security testing for iOS and Android platforms
- Programming languages: Java, .NET (C#), Python, JavaScript, TypeScript, PHP
- Web frameworks: Spring, Django, Flask, Express.js, React, Angular, Vue.js
- Mobile development: Swift, Kotlin, React Native, Flutter basics
- Scripting: Python, Bash, PowerShell for security automation
- Database security: SQL injection, NoSQL security, ORM security issues
- Web testing: Burp Suite Professional, OWASP ZAP, Postman, SQLMap
- Code analysis: SonarQube, Checkmarx, Fortify, Veracode, Semgrep
- Mobile testing: MobSF, Frida, Objection, APKTool, iOS security tools
- Dependency scanning: OWASP Dependency-Check, Snyk, WhiteSource
- Automation: Selenium, Jenkins, GitLab CI/CD, custom Python scripts
- Deep understanding of OWASP Testing Guide and Application Security Verification Standard
- Knowledge of PCI DSS application security requirements
- Familiarity with secure SDLC practices and DevSecOps principles
- Understanding of threat modeling methodologies (STRIDE, PASTA, LINDDUN)
- Awareness of privacy-by-design and secure coding standards
- Clear technical communication with developers and non-technical stakeholders
- Ability to explain complex vulnerabilities and provide practical remediation guidance
- Collaboration skills for working with development, DevOps, and product teams
- Analytical thinking and creative approach to finding security weaknesses
- Patience and persistence in thorough security testing activities
- OSCP (Offensive Security Certified Professional) or CEH (Certified Ethical Hacker) - Mandatory
- GWAPT (GIAC Web Application Penetration Tester) or equivalent web app security cert - Preferred
- Burp Suite Certified Practitioner
- Programming or development certification
- Excellent command of both spoken and written English.
Key Skills
Ranked by relevance
owasp
python
penetration testing
cybersecurity
graphql
devops
react
cicd
ios
reverse engineering
react native
javascript
typescript
powershell
burp suite
selenium
angular
jenkins
storage
pci dss
android
flutter
postman
kotlin
django
gitlab
nosql
swift
flask
java
bash
sql
ceh
dss
c
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
(Physical) Security Specialist Intern, Data Centre Security
2026-04-12
Full-time
Not Applicable
France
IT Services
Quality Assurance
View Job Details
Related
Managed Cloud Security Services Analyst
2026-04-12
Full-time
Not Applicable
Finland
IT Services
Information Technology
View Job Details
Related
Data Engineer
2026-04-07
Contract
Mid-Senior
Romania
IT Services
Information Technology
Login to Apply
- Posted
- Nov 27, 2025
- Type
- Full-time
- Level
- Associate
- Location
- Timisoara Metropolitan Area
- Company
- NTT DATA Europe & Latam
Industries
IT Services
IT Consulting
Categories
Information Technology
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
(Physical) Security Specialist Intern, Data Centre Security
2026-04-12
Full-time
Not Applicable
France
IT Services
Quality Assurance
View Job Details
Related
Managed Cloud Security Services Analyst
2026-04-12
Full-time
Not Applicable
Finland
IT Services
Information Technology
View Job Details
Related
Data Engineer
2026-04-07
Contract
Mid-Senior
Romania
IT Services
Information Technology