Experience: 7–10 years
Location: Bangalore
Employment Type: Full-time
Role Summary
We are looking for a senior application security professional with strong hands-on expertise in securing web applications, mobile applications, APIs, and modern cloud-native application environments. The role requires the ability to independently lead complex application security assessments, perform secure design reviews, identify critical vulnerabilities, and work closely with engineering teams to drive remediation across the SDLC.
Key Responsibilities
- Lead security assessments for web applications, mobile applications, APIs, and cloud-based applications.
- Perform advanced manual and automated security testing across development, staging, and production environments.
- Conduct security testing for Android and iOS applications, including static analysis, dynamic analysis, runtime testing, reverse engineering, and insecure storage reviews.
- Assess REST, SOAP, GraphQL, and microservices-based APIs for authentication, authorization, data exposure, injection, rate limiting, and business logic flaws.
- Perform secure architecture reviews, threat modeling, and risk assessments for critical applications and new product features.
- Review source code and provide secure coding recommendations to development teams.
- Support DevSecOps initiatives by integrating SAST, DAST, SCA, secret scanning, and container security tools into CI/CD pipelines.
- Validate vulnerabilities, define risk ratings, prepare detailed reports, and provide practical remediation guidance.
- Track findings to closure and validate remediation fixes.
- Mentor junior security team members and contribute to internal AppSec methodologies, checklists, playbooks, and standards.
- Engage with development, DevOps, QA, product, and business teams to improve security maturity.
Required Skills
- Strong hands-on expertise in web application security, mobile application security, and API security testing.
- Deep understanding of OWASP Top 10, OWASP API Security Top 10, OWASP ASVS, OWASP MASVS, CWE, and CVSS.
- Advanced knowledge of authentication and authorization mechanisms such as OAuth 2.0, OIDC, SAML, JWT, MFA, RBAC, and ABAC.
- Experience identifying and exploiting vulnerabilities such as XSS, SQL injection, IDOR, SSRF, CSRF, authentication bypass, insecure deserialization, cryptographic flaws, insecure storage, and business logic issues.
- Hands-on experience with tools such as Burp Suite, OWASP ZAP, Postman, MobSF, Frida, Objection, JADX, APKTool, ADB, SQLMap, Nuclei, and SoapUI.
- Ability to perform secure code reviews in languages
- Good understanding of DevSecOps, CI/CD security, SAST, DAST, SCA, container scanning, and secrets management.
- Ability to independently lead assessments from scoping to reporting.
- Strong reporting, communication, stakeholder management, and developer collaboration skills.
Good to Have
- Experience with cloud application security across AWS, Azure, or GCP.
- Knowledge of Docker, Kubernetes, and containerized application security.
- Familiarity with compliance standards such as PCI DSS, ISO 27001, SOC 2, GDPR, or HIPAA.
- Experience with bug bounty, responsible disclosure, product security, or purple team activities.
- Certifications such as OSCP, GWAPT, GMOB, GWEB, eWPT, or eWPTX.