Location: Remote / India
Experience: 7+ Years
Employment Type: Full-Time
Role Summary
We are seeking a skilled Application Security Engineer to strengthen the security posture of web and API-based applications. The role focuses on integrating security into the SDLC, managing security tools, identifying vulnerabilities, and working closely with engineering teams to drive timely remediation.
Key ResponsibilitiesApplication Security Engineering
- Provide security engineering support for web and API applications.
- Integrate security controls into the Secure SDLC, including threat modeling and security design reviews.
- Ensure adherence to organizational security standards and best practices.
Vulnerability Scanning & Tool Administration
- Administer and manage vulnerability scanning tools (e.g., Tenable or similar).
- Configure, tune, and maintain scanning policies and schedules.
- Optimize tool performance to improve accuracy and reduce false positives.
SAST & DAST Integration
- Implement and maintain SAST and DAST tools within CI/CD pipelines.
- Configure detection rules and improve result reliability.
- Collaborate with engineering teams to ensure seamless integration and actionable outputs.
Vulnerability Discovery & Risk Prioritization
- Identify and validate vulnerabilities through automated and manual testing.
- Perform false-positive analysis and assess exploitability.
- Provide risk-based prioritization aligned with business impact.
Operational Execution & Remediation
- Review scan results and track vulnerabilities to closure.
- Coordinate with development teams for timely remediation.
- Ensure adherence to defined workflows and SLAs.
Red Team & Offensive Security Techniques
- Validate vulnerabilities using manual testing and offensive security methods.
- Develop proof-of-concept exploits where required.
- Document attack paths, reproduction steps, and impact clearly.
Security Testing & Bug Validation
- Perform manual and automated security testing for applications and APIs.
- Reproduce and validate reported issues across environments.
- Verify remediation effectiveness before closure.
Required Skills & Qualifications
- Bachelor’s degree in Computer Science, Information Security, or related field.
- 3–6 years of experience in Application Security or related domain.
- Hands-on experience with SAST, DAST, and vulnerability scanning tools.
- Strong understanding of OWASP Top 10, web application and API security.
- Experience with CI/CD pipeline integrations (e.g., Jenkins, GitHub Actions, GitLab).
- Knowledge of secure coding practices and common vulnerability patterns.
- Familiarity with scripting (Python, Bash, or similar) is a plus.
Preferred Qualifications
- Experience with threat modeling and secure design reviews.
- Exposure to red teaming or penetration testing techniques.
- Relevant certifications (e.g., OSCP, CEH, GWAPT) are a plus.
Pay: ₹2,600,000.00 - ₹3,000,000.00 per year
Benefits:
Experience:
- Application Security or related domain: 7 years (Preferred)
Work Location: Remote