Lennox (NYSE: LII) Driven by 130 years of legacy, HVAC and refrigeration success, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and creates a workplace where all employees feel heard and welcomed. Lennox is a global community that values each team member’s contributions and offers a supportive environment for career development. Come, stay, and grow with us.

• Perform Dynamic Application Security Testing (DAST) on APIs and web applications using both manual and automated methods.

• Analyze DAST scan results, identify and prioritize vulnerabilities based on risk.

• Participate in triage sessions with application teams to explain and document vulnerabilities.

• Conduct deep API security testing (REST, SOAP, GraphQL) to uncover issues like BOLA, logic flaws, and abuse scenarios.

• Perform red teaming, adversary emulation, and use offensive security tools (if applicable).

• Craft custom exploit chains and adaptive payloads to validate vulnerabilities (e.g., deserialization, command injection, broken access control).

• Maintain and improve custom testing scripts, payload repositories, and test cases.

• Conduct Static Application Security Testing (SAST) as needed and understand differences from DAST.

• Use and maintain various security tools (e.g., Burp Suite, NetSparker, Checkmarx, Veracode, Fortify).

• Collaborate with developers, DevOps, and security teams to address identified vulnerabilities.

• Communicate security findings effectively to both technical and non-technical audiences.

• Maintain thorough documentation of security tests, findings, and remediation efforts.

• Contribute to improving security testing processes and strategies.

• Experience: 5–7 years in Web Application Security Testing, including DAST, SAST, and API Security.

• Strong knowledge of API security principles and common vulnerabilities.

• Proficiency in Kali Linux penetration testing tools like SQLMAP, Dirbuster, etc.

• Working knowledge of HTML and JavaScript.

• Added advantage: Proficiency in front-end (e.g., .NET, Java) and back-end technologies (e.g., Oracle).

• Exposure to common web vulnerabilities such as SQL Injection, XSS, CSRF; experience in bug bounty programs is a plus.

• Experience in security testing of mobile apps and IoT applications is a bonus.

• Familiarity with security testing tools:

  • DAST tools: Burp Suite, NetSparker

  • SAST tools: Checkmarx, Veracode, Fortify

• Strong analytical and problem-solving skills.

• Excellent written and verbal communication skills.

• Security certifications (Offensive Security, SANS, CREST, etc.) focused on web application security are a strong plus