239 Web Application Security jobs in Pakistan
Vulnerability Assessment
Posted today
Job Description
Company Description
Founded in 2000, Corvit Networks has been providing ICT services to enterprises globally. The company is recognized as a trusted business advisor and strategic partner, delivering innovative and reliable business solutions. Corvit Networks is committed to helping clients achieve operational excellence through cutting-edge technology and expert guidance.
Role Description:
We are hiring a Vulnerability Assessment & Penetration Testing (VAPT) Specialist with the following skills and experience:
- Expertise in network protocols (TCP/IP, DNS, HTTP/S, SSL/TLS) and OS internals (Linux, Windows) with hands-on Internal/External VAPT using Black, Gray & White Box approaches.
- Proficient with pentesting tools: Burp Suite, Metasploit, Kali Linux, Nmap, Wireshark, Cobalt Strike.
- Strong knowledge of OWASP Top 10, MITRE ATT&CK, and threat modeling frameworks.
- Skilled in cloud security testing (AWS, Azure, GCP).
- Ability to create custom scripts & exploits (Python, PowerShell, Bash, Ruby).
- Analytical mindset with an attacker's perspective to simulate real-world threats.
- Strong reporting & communication skills, delivering clear technical and executive-level findings.
Qualifications & Certifications:
- Bachelor's degree in Engineering, Cybersecurity, Computer Science, IT, or related field.
- CEH, Offensive Security
- 4-5 years of experience
Vulnerability Assessment Consultant
Posted today
Job Description
Hiring: Vulnerability Assessment Consultant (Automation & AI Focus)
We're looking for a Vulnerability Assessment Analyst experienced with Tenable Nessus to help strengthen our enterprise security posture. The ideal candidate will not only identify and assess vulnerabilities but also leverage automation and AI-driven insights to enhance detection, streamline analysis, and accelerate remediation.
Key Responsibilities:
Conduct vulnerability assessments across networks, servers, applications, and cloud environments using Nessus.
Configure and optimize scan policies, templates, and credentials. Automate scanning, reporting, and remediation workflows through Python, Bash, or PowerShell scripting.
Use AI-assisted tools to improve accuracy, reduce false positives, and predict potential exploit patterns.
Collaborate with IT and Security teams to validate findings and ensure timely remediation.
Stay updated on emerging CVEs, threats, and advancements in AI-driven vulnerability management.
Align assessments with ISO 27001, NIST, and CIS benchmarks.
What We're Looking For:
Proven experience with Tenable Nessus Professional.
Strong understanding of network protocols, OS (Windows/Linux), and web technologies.
Familiarity with vulnerability management frameworks and CVSS scoring.
Hands-on scripting experience for automation.
Excellent communication, collaboration, and problem-solving skills.
Bachelor's degree in Cybersecurity, IT, or related field.
Certifications such as Security+, CEH, or Tenable Certified are a plus.
Soft Skills:
We value professionals who are curious, analytical, and collaborative; able to communicate technical issues in clear, actionable language and adapt quickly to emerging security challenges.
Interested candidates can share their CVs at ( and ) with the subject line "Vulnerability Assessment Consultant – (Your Name)".
Application Security Engineer
Posted today
Job Description
Position Impact
As an Application Security Engineer, you will be at the forefront of securing our applications and infrastructure. You will work with cross-functional teams to embed security into the software development life cycle (SDLC), reduce risk exposure, and ensure compliance with industry standards. Your expertise will directly safeguard sensitive data, protect against emerging threats, and strengthen our overall security posture.
Roles & Responsibilities
· Partner with development teams to embed security principles and practices throughout the SDLC.
· Perform code security assessments to uncover vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure APIs.
· Lead threat modeling sessions and conduct risk assessments for upcoming features and services.
· Deploy, configure, and maintain tools for both static and dynamic application security testing.
· Assess security risks and propose effective mitigation and remediation strategies.
· Ensure sensitive data (e.g., credentials, tokens, keys) remains protected during builds and deployments.
· Collaborate with teams to remediate or replace insecure third-party libraries and components.
· Support internal and external audits concerning application and infrastructure security practices.
· Strengthen CI/CD pipelines and infrastructure by enforcing secure configurations.
· Monitor and stay informed on the latest exploits, vulnerabilities, and application security trends.
· Deliver training and mentorship to developers on secure coding standards and practices.
· Develop and maintain internal playbooks, documentation, and security guidelines.
· Ensure cloud services (AWS, Azure, GCP) are deployed with secure configurations and controls.
· Review, audit, and optimize access permissions, network policies, and identity management practices.
Requirements & Qualifications
· Bachelor's/Master's in Computer Science, Cybersecurity, or related discipline.
· Minimum 5 years of experience in Application Security, Security Engineering, or DevSecOps.
· Strong knowledge of web application vulnerabilities and remediation (OWASP Top 10, CWE Top 25).
· Experience with security testing tools such as Burp Suite, OWASP ZAP, Checkmarx, Veracode, or Fortify.
· Proficiency in secure coding practices across languages (Java, Python, JavaScript, C#, etc.).
· Hands-on experience with CI/CD and security automation (Jenkins, GitLab CI, GitHub Actions).
· Cloud security expertise in AWS, Azure, or GCP (IAM, secrets management, networking).
· Familiarity with container and microservices security (Docker, Kubernetes).
· Experience with compliance standards (ISO 27001, SOC 2, PCI DSS, GDPR).
Preferred Skills
· Security certifications such as OSWE, OSCP, GWAPT, CEH, or CISSP.
· Knowledge of Infrastructure-as-Code security (Terraform, CloudFormation).
· Experience with API security testing and automation.
· Strong communication and collaboration skills to bridge technical and non-technical teams.
Microservices Architecture:
- Develop and maintain microservices-based architectures to ensure scalability and fault tolerance.
- Implement service-to-service communication using protocols like gRPC or message brokers (e.g., SQS, RabbitMQ).
- Ensure proper logging, monitoring, and error handling across all services.
- Strong understanding of AWS Lambda and other microservices related products by AWS will be a plus.
Version Control and CI/CD:
- Utilize advanced Git branching strategies (e.g., Git Flow, Trunk-Based Development) to manage codebase changes effectively.
- Participate in code reviews to enforce quality standards and share knowledge within the team.
- Automate deployment pipelines using CI/CD tools to streamline releases to EC2 instances running Nginx.
API Testing and Quality Assurance:
- Use API testing frameworks and tools like Postman, Bruno, or Insomnia to validate API functionality and performance.
- Write automated tests for APIs, including unit tests, integration tests, and end-to-end tests.
- Collaborate with QA engineers to identify and resolve bugs before they reach production.
Production Support and Incident Management:
- Monitor production systems to proactively detect and address issues.
- Troubleshoot and resolve incidents affecting live environments, ensuring minimal downtime.
- Document root cause analyses and implement preventive measures to avoid recurrence.
Mentorship and Knowledge Sharing:
- Mentor junior developers and provide guidance on best practices for backend development.
- Conduct workshops or training sessions to upskill the team on emerging technologies and methodologies.
- Contribute to internal documentation and knowledge repositories.
Required Qualifications
- Bachelor's degree in Computer Science, Software Engineering, or a related field (or equivalent experience).
- 10+ years of professional experience in backend development using and frameworks like NestJS.
- Proven track record of working on large-scale, multi-client production environments.
- Expertise in relational databases, specifically MariaDB, including schema design, query optimization, and indexing.
- Strong understanding of microservices architecture, including inter-service communication, load balancing, and containerization.
- Proficient in Git workflows, including advanced branching strategies and conflict resolution.
- Familiarity with API testing tools like Postman, Bruno, or similar frameworks.
Preferred Skills
- Experience with containerization technologies like Docker and orchestration tools like Kubernetes.
- Knowledge of message brokers such as SQS, RabbitMQ or Redis for asynchronous processing.
- Familiarity with observability tools like Prometheus, Grafana, or ELK Stack for monitoring and logging.
- Demonstrated ability to apply programming principles like SOLID, IoC, and DRY in real-world projects.
Application Security Engineer
Posted today
Job Description
- Help the organization evolve its application security function and services.
- Ensure Secure Software Development Lifecycle is followed within the organization.
- Review security design/architecture of business applications.
- Perform information security risk assessments of business applications before deployment in a timely manner.
- Oversee and perform application security control assessment, vulnerability assessment, and penetration testing.
- Responsible for overseeing code reviews of applications and providing guidance to address the highlighted issues.
- Oversee the application security issues and remediation process.
- Provide guidance on application vulnerability scanning and penetration testing to security team and junior security engineers.
- Manage vulnerability assessment through tools including static and dynamic analysis.
- Follow security best practices in performing tasks.
- Improve and maintain secure development standards.
- Review vendor security activities to ensure their software development meets the bank's standards.
- Discover application security exposures and provide guidance to develop mitigation plans.
- Effective and timely coordination, planning, and response to internal audit, external audit, and regulators, wherever applicable, and ensure that related audit findings are timely closed.
- Build and maintain professional relationships with internal and external stakeholders including technology, business, and third parties.
- Provide related information security guidance and support to internal and external stakeholders.
- Provide regular briefings to the Application Security team and assign appropriate resources on projects and functions.
- Assist Head IT & GRC and CISO in managing cyber defense at the application layer.
- Perform other duties as assigned to ensure smooth functioning of the department.
Application Security Engineer
Posted today
Job Description
Company Description
Advance Tech Services Ltd is a specialized provider of professional IT support staffing and hardware-based technical services. We supply skilled IT support engineers, networking engineers, and desktop support technicians to businesses that require reliable infrastructure and fast response times. Our mission is to keep systems running smoothly by providing expert, hands-on support for hardware and network environments. Whether expanding IT teams, upgrading infrastructure, or responding to on-site issues, we deliver dependable professionals who ensure efficiency and minimal disruption. At Advance Tech, we're not just support—we're your frontline IT partner.
Role Description
This is a full-time on-site role for an Application Security Engineer, located in Multan. The Application Security Engineer will be responsible for identifying and mitigating security vulnerabilities in software applications, implementing security measures, and conducting security assessments. Daily tasks include performing code reviews, collaborating with development teams to enforce secure coding standards, and providing guidance on security-related issues. The role also involves staying updated with the latest security threats and technologies to protect the integrity and confidentiality of the company's applications.
Qualifications
- Experience in identifying and mitigating security vulnerabilities in software applications.
- Proficiency in conducting security assessments and implementing security measures.
- Strong understanding of secure coding standards and practices.
- Excellent skills in performing code reviews and collaborating with development teams.
- Ability to stay updated with the latest security threats and technologies.
- Strong problem-solving skills and attention to detail.
- Bachelor's degree in Computer Science, Information Technology, or related field.
- Relevant certifications such as CISSP, CEH, or CSSLP are a plus.
- Excellent written and verbal communication skills.
- Ability to work independently and collaboratively in a team environment.
Application Security Engineer
Posted today
Job Description
Work with the industry leader
At Eon, our mission is to make patients healthier and healthcare affordable. Eon Patient Management ("EPM") identifies patients with disease risk and streamlines clinical decision analysis so clinicians can work at the top of their licenses. With unique solutions across multiple disease states, we drive unprecedented adherence to care pathways, so that more patients are seen and more survive. When patients win, healthcare systems win - both clinically and financially.
As a market leader in incidental tracking and patient management, Eon is pioneering the use of Artificial Intelligence to enable healthcare enterprises, ranging from small health systems to large, national-scale IDNs. We have a unique and dynamic team that is focused on results, and employment opportunities both local to our Denver office, and remote based.
This really is the perfect role
The Opportunity
As an Application Security Engineer, you will be improving Eon's application security posture and keeping the platform secure throughout the Software Development Life Cycle (SDLC). We are looking for someone who loves to analyze, test and triage application vulnerabilities, participate in code and product security reviews, and help our Developers bake security into their day-to-day workflows and CI/CD. You will partner closely with our Product and Engineering teams, and external testers, so solid interpersonal skills are a must. This role is a great opportunity to advance an application security program and drive remediation of security weaknesses with an enterprise-wide impact.
In This Role You Will
- Be an advocate for application security within the organization
- Help develop and maintain a risk-based application security program based on a well-defined application security framework
- Ensure the platform complies with healthcare-specific security standards such as HIPAA and HITRUST, and follow best practices for handling sensitive patient data.
- Find common patterns and themes within application vulnerabilities and work with Development teams to address the root causes
- Participate in the strategic decisions related to the requirements, design, implementation, and operations of the application security framework, processes, and technology
- Execute security-focused code, architecture and integration reviews
- Coordinate or conduct penetration testing and drive remediation efforts to completion
- Collaborate with DevOps teams to integrate security testing tools (SAST/DAST) into CI/CD pipelines to enable DevSecOps practices.
- Keep abreast of the latest security issues and technologies
- Own and improve process and procedural documentation
- Assist with daily activities and functions of the Security team (including alert & incident response) to maintain security posture as well as policy and compliance commitments
Skills & Requirements
- Deep knowledge of and familiarity with cybersecurity frameworks, including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten
- Deep knowledge of crypto, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth, and JWT tokens, is a must
- A relentless desire to (ethically) break into things, and the ability to communicate attack scenarios and mitigation options based on standard frameworks, is desired
- Ability to read and understand Java, JavaScript, and Python
- Ability to automate repetitive tasks, using Python or other scripting language, is a plus
- Experience working in regulated industries, with a focus on healthcare security standards (HIPAA, HITRUST) is a plus.
Nice-to-have
- 2+ years of experience in web application penetration testing or a security-focused application development role is a must
- AWS Security, CEH, GWEB, GCIH or equivalent certifications are preferred
- Ability to work in a diverse, fast-paced environment and effectively collaborate across teams
- Outstanding written and oral communication skills with demonstrated ability to clearly articulate to both a technical and functional audience
"So what's in it for me," you ask?
We pride ourselves for being a culture-based company buzzing with high-energy. Aside from the enthusiastic environment, you'll enjoy:
- Competitive salary
- Health insurance
- Referral bonuses
- Generous vacation time
- Paid Maternity and Paternity leave
- Work from home days
- Lunch facility within office
- Travel allowance
- Company equipment (laptop, internet device, screens etc)
- Professional development and career growth opportunities
- Awesome team members
If we still have your attention, don't delay, send us your resume
Application Security Engineer
Posted today
Job Description
Role Overview
We are seeking a talented Security Engineer to lead efforts in securing applications, containers, and runtime environments. The ideal candidate will specialize in isolation technologies, threat detection, and policy enforcement, working closely with DevOps and engineering teams to ensure system integrity, compliance, and secure software delivery.
Key Responsibilities
- Design and implement application and container security measures across development and production environments.
- Apply technologies such as gVisor, CSP (Content Security Policy), runtime policy engines, and iframe isolation to enforce robust security boundaries.
- Perform vulnerability assessments, penetration testing, and runtime monitoring to proactively identify and mitigate risks.
- Collaborate with DevOps to secure container deployments, CI/CD pipelines, and cloud workloads.
- Develop and maintain security best practices, including secure coding guidelines, incident response procedures, and compliance checks.
- Monitor security events and ensure timely response and remediation.
- Stay up to date with emerging threats, vulnerabilities, and evolving security technologies.
Qualifications
- 3+ years of experience in application or cloud security.
- Hands-on experience with container isolation technologies (e.g., gVisor, Docker, Kubernetes).
- Strong understanding of web security principles, including CSP, iframe sandboxing, and runtime policy enforcement.
- Experience performing penetration testing, vulnerability scanning, and risk assessments.
- Familiarity with DevSecOps practices and integrating security into CI/CD workflows.
- Working knowledge of Linux security fundamentals, networking, and system hardening.
- Excellent problem-solving and analytical skills.
Preferred
- Certifications such as OSCP, CEH, or CISSP.
- Experience with runtime security tools (e.g., Falco, AppArmor, or SELinux).
- Familiarity with cloud security frameworks (AWS, GCP, or Azure).
- Background in threat modeling, incident response, or security automation.
- Knowledge of compliance standards (ISO 27001, SOC 2, GDPR, etc.).
Application Security Engineer
Posted 2 days ago
Job Description
Network Security Engineer at Kamel Pay focused on cloud and network security.
Company Description
KamelPay, founded in 2020, is the UAE’s fastest-growing WPS agent specialising in salary processing. We provide businesses with secure, all-in-one salary processing solutions as a leading fintech solutions provider. Driven by a commitment to financial freedom, we enable companies and individuals to have instant access to essential financial services. Through innovation and dedication, we aim to benefit our clients by simplifying financial processes.
Job Purpose
The Network Security Engineer will be responsible for securing KamelPay’s cloud and network infrastructure (AWS, Fortinet, Cloudflare) while embedding automated security controls within DevOps pipelines.
This hybrid role ensures the reliability, confidentiality, and compliance of KamelPay’s systems, aligning with PCI-DSS and internal security policies.
Key Responsibilities
- Design, implement, and manage AWS security architecture (IAM, VPC, EC2, RDS, GuardDuty, Security Hub).
- Configure and monitor Fortinet VPN, Cloudflare WAF, and other perimeter defences.
- Integrate SAST/SCA/IaC scanning into CI/CD pipelines (SonarQube, Snyk, Trivy, Checkov).
- Automate security testing and compliance evidence generation (policy-as-code).
- Conduct vulnerability assessments using Nessus/OpenVAS and track remediation.
- Manage access control and perform regular IAM audits, key rotations, and privilege reviews.
- Support Disaster Recovery (DR) and Business Continuity testing at the infrastructure layer.
- Maintain network diagrams, firewall change records, and PCI audit artefacts.
- 4+ years of experience in network or cloud security engineering.
- Strong AWS knowledge (IAM, VPC, Config, CloudTrail, GuardDuty).
- Hands‑on with Fortinet, Cloudflare, and VPN management.
- Experience automating scans in Jenkins, GitHub Actions, or CodePipeline.
- Familiarity with Docker, Terraform, and Infrastructure-as-Code best practices.
- Knowledge of PCI-DSS and ISO 27001 controls is a must.
- CI/CD pipelines with integrated SAST/SCA/IaC checks.
Share resume at
Seniority level
- Mid-Senior level
- Full-time
- Information Technology
Application Security Engineer
Posted 9 days ago
Job Description
We are seeking a talented Security Engineer to lead efforts in securing applications, containers, and runtime environments. The ideal candidate will specialize in isolation technologies, threat detection, and policy enforcement, working closely with DevOps and engineering teams to ensure system integrity, compliance, and secure software delivery.
Key Responsibilities
- Design and implement application and container security measures across development and production environments.
- Apply technologies such as gVisor, CSP (Content Security Policy), runtime policy engines, and iframe isolation to enforce robust security boundaries.
- Perform vulnerability assessments, penetration testing, and runtime monitoring to proactively identify and mitigate risks.
- Collaborate with DevOps to secure container deployments, CI/CD pipelines, and cloud workloads.
- Develop and maintain security best practices, including secure coding guidelines, incident response procedures, and compliance checks.
- Monitor security events and ensure timely response and remediation.
- Stay up to date with emerging threats, vulnerabilities, and evolving security technologies.
Qualifications
- 3+ years of experience in application or cloud security.
- Hands-on experience with container isolation technologies (e.g., gVisor, Docker, Kubernetes).
- Strong understanding of web security principles, including CSP, iframe sandboxing, and runtime policy enforcement.
- Experience performing penetration testing, vulnerability scanning, and risk assessments.
- Familiarity with DevSecOps practices and integrating security into CI/CD workflows.
- Working knowledge of Linux security fundamentals, networking, and system hardening.
- Excellent problem-solving and analytical skills.
Preferred
- Certifications such as OSCP, CEH, or CISSP.
- Experience with runtime security tools (e.g., Falco, AppArmor, or SELinux).
- Familiarity with cloud security frameworks (AWS, GCP, or Azure).
- Background in threat modeling, incident response, or security automation.
- Knowledge of compliance standards (ISO 27001, SOC 2, GDPR, etc.).
Application Security Engineer
Posted 8 days ago
Job Description
Security Engineer to lead efforts in securing applications, containers, and runtime environments. The ideal candidate will specialize in isolation technologies, threat detection, and policy enforcement, working closely with DevOps and engineering teams to ensure system integrity, compliance, and secure software delivery.
Key Responsibilities
- Design and implement application and container security measures across development and production environments.
- Apply technologies such as gVisor, CSP (Content Security Policy), runtime policy engines, and iframe isolation to enforce robust security boundaries.
- Perform vulnerability assessments, penetration testing, and runtime monitoring to proactively identify and mitigate risks.
- Collaborate with DevOps to secure container deployments, CI/CD pipelines, and cloud workloads.
- Develop and maintain security best practices, including secure coding guidelines, incident response procedures, and compliance checks.
- Monitor security events and ensure timely response and remediation.
- Stay up to date with emerging threats, vulnerabilities, and evolving security technologies.
Qualifications
- 3+ years of experience in application or cloud security.
- Hands-on experience with container isolation technologies (e.g., gVisor, Docker, Kubernetes).
- Strong understanding of web security principles, including CSP, iframe sandboxing, and runtime policy enforcement.
- Experience performing penetration testing, vulnerability scanning, and risk assessments.
- Familiarity with DevSecOps practices and integrating security into CI/CD workflows.
- Working knowledge of Linux security fundamentals, networking, and system hardening.
- Excellent problem-solving and analytical skills.
Preferred
- Certifications such as OSCP, CEH, or CISSP.
- Experience with runtime security tools (e.g., Falco, AppArmor, or SELinux).
- Familiarity with cloud security frameworks (AWS, GCP, or Azure).
- Background in threat modeling, incident response, or security automation.
- Knowledge of compliance standards (ISO 27001, SOC 2, GDPR, etc.).