Application Security Engineer

Bottomline -
Bengaluru, Karnataka

Quick apply

Job details

5 days ago

Qualifications

CI/CD
Penetration testing
GWAPT
CISSP
Microservices
CEH
CISM
GPEN
Analysis skills
Continuous integration
Burp Suite
APIs
Cash management
Communication skills

Full job description

Why Choose Bottomline?

Are you ready to transform the way businesses pay and get paid? Bottomline is a global leader in business payments and cash management, with over 35 years of experience and moving more than $16 trillion in payments annually. We're looking for passionate individuals to join our team and help drive impactful results for our customers. If you're dedicated to delighting customers and promoting growth and innovation - we want you on our team!

As an Application Security Engineer, you will play a critical role in strengthening the organisation's application security posture by supporting our penetration testing and application code scanning programmes. This role is responsible for identifying vulnerabilities, analysing security patterns and behaviours, and contributing to the continuous improvement of secure development practices across the software lifecycle.

You will work closely with Product, Engineering, and Security teams to proactively identify and reduce risk exposure, supporting our threat exposure management approach across all applications. The role requires strong technical expertise combined with the ability to communicate complex security risks clearly and effectively to both technical and non-technical stakeholders.

Essential Functions and Responsibilities:

Orchestrate application penetration testing across web, API, and service-based architectures

Support application security scanning tools (SAST, SCA, DAST) and CI/CD pipeline integration

Analyse vulnerabilities to identify patterns, behaviours, and root causes, not just individual findings

Support prioritisation and provide guidance for remediation based on risk and threat exposure

Contribute to improving coverage, consistency, and reliability of application security testing

Support multiple projects and initiatives in parallel

Required Experience & Qualifications

3+ years' experience in Application Security, Penetration Testing, or Secure Code Scanning

Hands-on experience with penetration testing techniques and tools

Experience with application security scanning platforms (SAST, SCA, DAST)

Strong understanding of common vulnerability patterns (e.g. OWASP Top 10)

Knowledge of modern environments (APIs, microservices, CI/CD pipelines)

Strong analytical, problem-solving, and communication skills

Preferred Experience & Qualifications

Experience with platforms such as Veracode, Burp Suite, OWASP ZAP, or similar

Understanding of risk-based or threat exposure management models

Experience working with development teams in secure coding practices

Relevant certifications such as:
OSCP, OSWE, GWAPT, GPEN, CEH, CSSLP, CISSP or CISM

Note: This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the position.

We welcome talent at all career stages and are dedicated to understanding and supporting additional needs. We're proud to be an equal opportunity employer, committed to creating an inclusive and open environment for everyone.

Quick apply

Why Choose Bottomline?

Jobseeker tools

Employer Tools

Browse

Stay Connected