Job Title: Application Security Engineer
Location: Remote / India
Experience: 7 Years
Employment Type: Full-Time
Notice Period: Immediate Joiners or Up to 15 Days
About the Role
We are looking for an experienced Application Security Engineer to join our cybersecurity team. The ideal candidate will be responsible for securing web applications and APIs by integrating security throughout the Software Development Life Cycle (SDLC). This role involves implementing security tools, identifying and validating vulnerabilities, supporting remediation efforts, and collaborating with development teams to build secure applications.
Key Responsibilities
Application Security
Implement and maintain security controls for web and API applications.
Integrate security practices into the Secure SDLC, including threat modeling and security design reviews.
Ensure compliance with organizational security policies and industry best practices.
Security Tool Management
Manage and administer vulnerability scanning tools such as Tenable or equivalent solutions.
Configure, optimize, and maintain scanning policies and schedules.
Improve scan accuracy by reducing false positives and fine-tuning security tools.
SAST & DAST Implementation
Deploy and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) solutions.
Integrate security testing into CI/CD pipelines.
Work closely with development teams to ensure effective security testing and reporting.
Vulnerability Management
Identify, validate, and assess application vulnerabilities through automated and manual testing.
Perform risk assessments and prioritize vulnerabilities based on business impact.
Track remediation activities and ensure timely closure of security findings.
Security Testing
Conduct manual and automated security assessments of web applications and APIs.
Validate reported vulnerabilities and verify remediation after fixes are implemented.
Document findings, attack scenarios, and remediation recommendations.
Offensive Security
Perform manual verification of vulnerabilities using penetration testing techniques.
Develop proof-of-concept demonstrations when required.
Support security assessments and red team activities.
Required Skills & Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field.
7 years of experience in Application Security or Cybersecurity.
Hands-on experience with SAST, DAST, and vulnerability assessment tools.
Strong knowledge of OWASP Top 10, API Security, and secure coding practices.
Experience integrating security tools into CI/CD environments such as Jenkins, GitHub Actions, or GitLab.
Familiarity with scripting languages such as Python, Bash, or PowerShell.
Excellent analytical, troubleshooting, and communication skills.
Preferred Qualifications
Experience in threat modeling and secure architecture reviews.
Hands-on exposure to penetration testing or red team activities.
Industry certifications such as OSCP, CEH, GWAPT, CSSLP, or equivalent are preferred.