826 API Security jobs in India
Lead Cybersecurity - API Security
Posted today
Job Description
**About the Company:**
**About the Job:**
This position is a Lead Cyber Security role, responsible for API security in the enterprise. The role will drive strategic initiatives to implement solutions that secure APIs throughout the phases of the SDLC. The ideal candidate will be responsible for identifying, evaluating, and mitigating security vulnerabilities within our API ecosystem. This role requires a proactive approach to security and a strong understanding of API architecture and security best practices.
This professional must be highly organized, with strong multitasking skills and technical acumen, and able to manage various stakeholder requests as they arise. In addition, the professional must be able to assist and mentor team members in the designated areas of responsibility.
**Experience Level:** 12+ years
**Location:** Hyderabad / Bengaluru
**Responsibilities Include:**
- Conduct regular security assessments and monitor real-time alerts generated from API endpoint monitoring tools.
- Develop and maintain a comprehensive vulnerability management program for APIs.
- Implement shift-left practices for API security in the enterprise.
- Collaborate with development teams to ensure secure coding practices are followed.
- Implement and manage API security tools to monitor and protect against threats.
- Keep abreast of the latest security trends, threats, and mitigation techniques in API security.
**Required skills:**
- 12 years minimum experience in Application Security.
- 8 plus years of DAST experience with specialization in APIs.
- 5 plus years of experience in API security.
- Hands-on experience with API security tools and frameworks.
- Strong understanding of RESTful and SOAP web services.
- Knowledge of authentication mechanisms like OAuth, JWT, and API keys.
- Experience in developing secure coding practices for APIs.
- Experience in implementing API security tools.
- Experience with cloud services and their native API security features is desirable.
- Familiarity with the NoName API security tool is a plus.
**Desirable skills:**
- Bachelor's or Master's in Computer Science Engineering.
- Relevant security certifications (e.g., CISSP, CEH, OSCP) are preferred.
- Excellent problem-solving and analytical skills.
- Effective communication skills, both written and verbal.
- Ability to work independently and as part of a team.

**Technical Skills:** Vulnerability management, API Security, DAST, etc.
**Additional information (if any):** Flexible to provide coverage in US morning hours.
**Certification:** CISSP, CEH, OSCP and/or other relevant certifications.
**Weekly Hours:**
40
**Time Type:**
Regular
**Location:**
IND:AP:Hyderabad / Argus Bldg 4f & 5f, Sattva, Knowledge City- Adm: Argus Building, Sattva, Knowledge City
It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.
AT&T will consider for employment qualified applicants in a manner consistent with the requirements of federal, state and local laws.
We expect employees to be honest, trustworthy, and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment is not tolerated. We encourage success based on our individual merits and abilities without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected veteran status or employment status.
Application Security Engineer
Posted today
Job Description
+ Analysis of UML diagrams and DFDs/Threat Models for security flaws and detailing specific recommendations in software and system setup to address them
+ Mentoring of developers on security topics and coding
+ Develop and deliver trainings to developers and management on security topics
+ Analyzing requirements and performing code review for security flaws
+ Establish direction for security requirements in our custom hardware and software
+ Collaborate with other internal security groups across multiple divisions, at different levels, and in multiple international locations, as well as 3rd parties
+ Continuous improvement of security processes via observation and measurement of project performance, and making updates to improve accuracy, reduce overhead, while maintaining compliance with IEC 62443 3-3 and 4-1 standards
+ Participate in audits for standards compliance
Who You Are:
You quickly and decisively act in constantly evolving, unexpected situations. You adjust communication content and style to meet the needs of diverse partners. You always keep the end in sight and put in extra effort to meet deadlines. You analyze multiple and diverse sources of information to define problems accurately before moving to solutions. You observe situational and group dynamics and select the best-fit approach.
For This Role, You Will Need:
+ Bachelor's degree in Computer Science, Computer Engineering, or a related engineering field with a minimum of 8 years of relevant experience OR Master's degree in Computer Science, Computer Engineering, or a related engineering field with a minimum of 7 years of relevant experience
+ Candidate must have hands-on, professional coding experience, C/C++ or C# preferred
+ Understanding of SDL/secure software development lifecycle practices
+ Practical experience in software and security design principles
+ Experience performing application-level threat modeling and code review
+ Excellent interpersonal skills
+ Excellent written and verbal communication skills
+ Ability to clearly communicate technical information to a wide range of audiences
+ Current knowledge of malware trends and current cybersecurity issues
+ Experience with PKI/Certificates, Cryptography
Preferred Qualifications that Set You Apart:
+ Current knowledge of trends in security specific to control systems
+ Experience in the ICS or Automotive Industry
+ Experience with other OT network technologies and Cloud
+ Experience working with geographically distributed teams in a 100+ developer organization.
+ Certifications such as CISSP, CEH, GSSP, GSEC, CSSLP, GIAC, ISA Cybersecurity, etc.
Our Offer to You:
By joining Emerson, you will be given the opportunity to make a difference through the work you do.
Emerson's compensation and benefits programs are designed to be **competitive within the industry and local labor markets**. We also offer **comprehensive medical and insurance coverage** to meet the needs of our employees.
We are committed to creating a global workplace that **supports diversity, equity and embraces inclusion**. We welcome foreign nationals to join us through our **Work Authorization Sponsorship**.
We attract, develop, and retain exceptional people in an inclusive environment, where all **employees can reach their greatest potential**. We are dedicated to the ongoing development of our employees because we know that it is critical to our success as a global company.
We have established our Remote Work Policy for eligible roles to promote **Work-Life Balance** through a hybrid work set up where our team members can take advantage of working both from home and at the office.
Safety is paramount to us, and we are relentless in our pursuit to provide a **Safe Working Environment** across our global network and facilities.
Through our benefits, development opportunities, and an inclusive and safe work environment, we aim to create an organization our people are proud to represent.
**Requisition ID** :
Emerson is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, age, marital status, political affiliation, sexual orientation, gender identity, genetic information, disability or protected veteran status. We are committed to providing a workplace free of any discrimination or harassment.
Application Security Engineer
Posted 3 days ago
Job Description
Dezerv is a house of investing solutions for high-net-worth and affluent Indians. Dezerv is co-founded by Sandeep Jethwani, Vaibhav Porwal, and Sahil Contractor. They have led successful wealth management businesses and managed over USD 7 billion in assets. The Dezerv team brings together decades of investing expertise from leading global financial institutions like JP Morgan, UBS, BNP Paribas, etc. Our team of experts monitors the performance of portfolios and rebalances them if required to ensure long-term success. We are backed by marquee firms like Premji Invest, Accel, Elevation, Matrix, etc. Since inception, our clients have trusted us with over 12000+ Crs of their assets.
Why are we building Dezerv?
Investing is stressful and emotional. Building & growing wealth is difficult and time-consuming. Most individuals struggle with managing their investments and money. Our goal is to help individuals grow their wealth without the stress, time, and costs involved in a traditional investment. At Dezerv, we are building a platform that leverages our decades of investment expertise to help individuals invest better for their future.
What are we trying to solve/mission?
We are passionate about helping Indians invest better. We manage investments with active oversight to help both sophisticated and new investors build long-term wealth across various market conditions.
About the Team
We are seeking a highly motivated and experienced Application Security Engineer to join our dynamic team in Bangalore. In this critical role, you will be the champion for product security, taking a comprehensive and proactive approach to safeguarding our applications and infrastructure. You will be responsible for the security of our web and mobile platforms.
Key Responsibilities:
- Product Security Ownership: Take end-to-end ownership of the security of our web and mobile applications, built with technologies like React and Flutter.
- Application Penetration Testing: Conduct regular and in-depth penetration testing of our web and mobile applications to identify and remediate vulnerabilities.
- Secure SDLC & DevSecOps: Champion and integrate security seamlessly into the entire DevOps deployment process. Design, implement, and manage a robust DevSecOps pipeline, automating security testing (SAST, DAST, IAST, SCA) to provide fast feedback to developers.
- Mobile Application Security: Implement and enforce security best practices for our Flutter and React-based mobile applications, including secure data storage, secure network communication, and code obfuscation.
- Threat Modeling: Conduct threat modeling exercises to identify potential security risks and design effective mitigation strategies.
- Security Champion & Advocate: Act as the go-to person for all application security matters. Mentor and train developers on secure coding practices and create a strong security-aware culture within the engineering team.
- Incident Response: Develop and maintain an incident response plan for application security incidents. Lead the response to any security breaches, conduct post-mortem analysis, and implement corrective actions.
- Vulnerability Management: Manage the lifecycle of identified vulnerabilities, from discovery to remediation, ensuring timely patching and reporting.
Required Skills and Experience:
- Experience: 3-5 years of relevant experience in application security, with a proven track record in a fast-paced environment. Experience in regulated sectors (like finance or fintech) is highly welcome.
- Penetration Testing: Extensive hands-on experience in both manual and automated penetration testing of web and mobile applications.
- Application Architecture: Strong understanding of application architecture principles and the ability to identify security flaws at the design level.
- Cloud Security (AWS): In-depth knowledge of AWS security services and best practices. Hands-on experience with CSPM and CWPP tools is a must.
- DevSecOps: Proven experience in building and managing a DevSecOps pipeline, with a deep understanding of the DevOps deployment process and how to effectively embed security controls within CI/CD workflows.
- Mobile Security: Demonstrable experience in securing mobile applications, particularly those built with Flutter and React.
- Programming & Scripting: Proficiency in at least one scripting language (e.g., Python, Bash) for automation and a good understanding of the languages used in our stack (e.g., JavaScript, Dart).
- Security Tools: Hands-on experience with a variety of security tools for SAST, DAST, SCA, and infrastructure scanning.
- Certifications: Professional security certifications are preferred, in the following order: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM).
- Communication: Excellent communication and interpersonal skills, with the ability to articulate complex security concepts to both technical and non-technical audiences.
Who You Are:
- You are passionate about security and technology.
- You are a proactive problem-solver with a "builder" mindset.
- You thrive in a collaborative, fast-paced startup environment.
- You are a strong advocate for security best practices.
- You are eager to learn and adapt to new technologies and challenges.
Why Join Us?
- Be a part of a mission-driven company that is changing the landscape of wealth management in India.
- Work with a talented and passionate team in a collaborative environment.
- Opportunity to have a significant impact and take ownership of product security.
- Competitive salary and benefits package.
Application Security Engineer
Posted 3 days ago
Job Description
About us:
Foodsmart is the leading telenutrition and foodcare solution, backed by a robust network of Registered Dietitians. Our platform is designed to foster healthier food choices, drive lasting behavior change, and deliver long-term health outcomes. Through our highly personalized, digital platform, we guide our 2.2 million members—including those in employer-sponsored health plans, regional and national Medicaid managed care organizations, Medicare Advantage plans, and commercial insurers—on a tailored journey to eating well while saving time and money.
Foodsmart seamlessly integrates dietary assessments and nutrition counseling with online food ordering and cost-effective meal planning for the entire family, optimizing ingredients both at home and on the go. We partner with national and regional retailers across the U.S., many of whom accept SNAP/EBT, making healthier food more accessible. Additionally, we assist members with SNAP enrollment and management, providing tangible access to nutritious food. In 2024, Foodsmart secured a $200 million investment from TPG’s Rise Fund, which supports entrepreneurs dedicated to achieving the United Nations’ Sustainable Development Goals. This investment will help us expand our reach, particularly to low-income workers who are disproportionately affected by diet-related diseases.
At Foodsmart, our mission is to make nutritious food accessible and affordable for everyone, regardless of economic status. We are committed to a set of core values that shape our culture and work environment:
Measured: We make data-driven, truth-seeking decisions.
Impactful: We are fueled by achieving our mission and vision.
Security Engineer, Application Security
Posted today
Job Description
In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world-class machine learning pipelines, from innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest AWS deployment.
As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.
The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.
Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history!
Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced life-both in and outside of work.
Key job responsibilities
* Creating, updating, and maintaining threat models for a wide variety of software projects
* Security architecture and design guidance
* Manual and automated secure code review, primarily in Java, Python and JavaScript
* Development of security automation tools
* Adversarial security analysis using innovative tools to augment manual effort
* Security training and outreach for internal development teams
* Independently solve security problems that require novel methods or approaches
* Influence your team's and partners' process, priorities, and choices to improve outcomes
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Mentorship and Career growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
#Joinstoresappsec
Basic Qualifications
- BS in Computer Science, Information Security, 3+ years of demonstrated experience of comprehensive application security assessments, including both automated and manual assessment.
- Hands-on experience in threat modelling, architecture review, manual source code review, attacker exploit techniques, and methods for their remediation.
- Good understanding of network architecture, enterprise IT systems and cloud such as AWS; programming or scripting skills (e.g., Java, Python, Perl, Bash, Ruby, PowerShell, etc.); and the ability to explain complex technical risks in simple, clear language that non-technical stakeholders can easily understand and act upon.
Preferred Qualifications
- You demonstrate excellent judgement in assessing and prioritizing technical risk, and you have a strong application security background with a focus on scalable solutions
- You have experience building and securing cloud infrastructure such as AWS and work to identify and remove bottlenecks for your teammates, both in process and technology
- You create and maintain security documentation, including architecture designs, implementation guides, and best practices to promote secure development practices
- Identify security risks and drive continuous improvement in security controls and practices and collaborate with security stakeholders to develop security strategies
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Senior Application Security Engineer
Posted 3 days ago
Job Description
About Atomicwork
Atomicwork is reimagining IT and workplace operations by putting employees at the center of the experience. With a strong emphasis on automation, integration, and security, Atomicwork helps organizations streamline workflows, improve productivity, and reduce friction across employee and IT interactions.
Role Overview
We are looking for a Senior Application Security Engineer to join our growing engineering team. In this role, you will lead efforts to embed security best practices across the software development lifecycle, proactively identify and mitigate application risks, and collaborate with product and engineering teams to ensure secure design and implementation.
You’ll play a critical role in strengthening the security posture of our cloud-native, AI-driven SaaS platform.
Key Responsibilities
- Design and implementation of secure software architecture patterns across the platform.
- Conduct threat modeling, security design reviews, and code audits for critical features.
- Define and automate security tests (SAST, DAST, SCA) as part of the CI/CD pipeline.
- Manage and resolve application-layer vulnerabilities discovered via internal and external security assessments (e.g., OWASP Top 10, CVEs).
- Collaborate with developers to ensure secure coding practices through training, tooling, and mentorship.
- Evaluate and integrate security technologies to support secure service-to-service communication, secrets management, and identity and access control.
- Stay up-to-date with the latest vulnerabilities, exploits, and mitigation techniques in modern web/AI applications.
- Assist with incident response and root cause analysis for security events.
- Partner with DevOps to ensure secure deployment configurations and container security.
Qualifications
- 8+ years of experience in application security, with strong knowledge of modern web application architectures (REST APIs, GraphQL, OAuth2, JWT, etc.).
- Proficiency in secure coding practices in at least one major language (Python/Java, JavaScript/TypeScript, or similar).
- Proficient in both Static and Dynamic Application Security Testing (SAST, DAST, IAST), and Software Composition Analysis (SCA).
- Experience with security scanning tools (e.g., SonarQube, Snyk, Checkmarx) and hands-on remediation guidance.
- Deep understanding of cloud security principles (preferably AWS).
- Familiarity with container security (Docker, Kubernetes) and infrastructure-as-code (Terraform).
- Strong command of OWASP Top 10 with practical knowledge of attack vectors and mitigation strategies.
- Strong analytical and communication skills with the ability to influence engineering teams.
- Security certifications such as OSCP, OSWE, OSEP, ECSA|LPT, CPT, CEH, GWAPT, or CSSLP are a plus.
Why we are different (culture)
As a part of Atomicwork, you can shape our company and business from idea to production. Our cultural values also set the bar high, helping us create a better workplace for everyone.
- Autonomy: We champion self-direction to deliver customer success, empowering teams and individuals to deliver peak performance.
- Trust: We unwaveringly believe in our colleagues' positive intentions, approaching every interaction with trust to accelerate execution.
- Ownership: We demonstrate unwavering commitment to our mission and goals, taking full responsibility for triumphs and setbacks.
- Mastery: We relentlessly pursue continuous self-improvement as individuals and teams, dedicating ourselves to constant learning and growth.
- Impatience: We recognize that our world moves swiftly and is driven by an unyielding desire to progress with every endeavor.
- Customer Obsession: We place our customers at the heart of everything we do, relentlessly seeking to understand their needs and exceed their expectations.
What we offer (compensation and benefits)
We are big on benefits that make sense to you and your family.
- Fantastic team — the #1 reason why everybody joins us.
- Convenient offices — well-located offices spread over five different cities.
- Flexible work timings — you get to decide how you want to work.
- Paid time off — Unlimited sick leaves and 24 days off every year.
- Health insurance — comprehensive health coverage for your entire family.
- Great hardware — premium Apple hardware to help you do your best work.
- Flexible allowances — with hassle-free reimbursements across spends.
- Team events — we cover team meet-ups and celebrations for milestones.
- Annual outings — for everyone to have fun together.
Senior Application Security Engineer
Posted 3 days ago
Job Description
Security Testing
- Conduct Static Application Security Testing (SAST) and Software Composition Analysis (SCA)
- Perform Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) for deeper analysis of vulnerabilities during runtime
- Execute Mobile Application Security Testing and API Security Testing to safeguard against OWASP Security risks
Vulnerability Management and Threat Mitigation
- Identify, prioritize, and remediate vulnerabilities through Vulnerability Assessments and Penetration Testing (VAPT)
- Identify and mitigate vulnerabilities aligned with the latest OWASP Top 10 risks, including Injection, Broken Access Control, and Insecure Design
- Assess and remediate vulnerabilities by OWASP Application Security Verification Standard (ASVS)
Cloud Security
- Secure cloud environments hosted on AWS and Azure, adhering to CIS Benchmarks and NIST Cybersecurity Framework standards
Compliance and Regulations
- Ensure application and infrastructure compliance with standards such as PCI DSS, HIPAA, and GDPR
- Conduct regular assessments to align with SANS Top 25 Software Errors, NIST SP 800-53, and CIS Controls
DevSecOps Integration
- Embed security practices within the Secure Software Development Lifecycle (SDLC) by automating security checks and remediation
- Collaborate with DevOps teams to integrate security tools and testing into the CI/CD pipelines using Jenkins and Azure DevOps
Required Skills and Qualifications
Technical Proficiency
- Legacy technologies: Java, .NET
- Modern technologies: React, Node.js, Python, PHP, Ruby/Rails, Angular, etc
- CMS experience with Magento-Adobe and Avocode
Cloud Skills
- Expertise with AWS and Azure cloud platforms
Security and Compliance Knowledge
- Strong understanding of OWASP Top 10, OWASP ASVS, PCI DSS, HIPAA, GDPR, CIS Benchmarks, and NIST Cybersecurity Frameworks
- Familiarity with SANS Top 25 Software Errors and their remediation strategies
Security Testing Expertise
- Proficiency in SAST, SCA, DAST, IAST, and penetration testing techniques
- Experience in Threat Modeling to proactively identify and mitigate risks
- Strong knowledge of VAPT, mobile, and API security testing
DevSecOps and SDLC Integration
- Expertise in implementing Secure Software Development Lifecycle (SDLC) practices
- Proficiency in integrating security tools with CI/CD pipelines using Jenkins and Azure DevOps
Soft Skills
- Excellent communication skills to bridge the gap between technical and business teams
- Ability to articulate technical issues to both technical and non-technical audiences
Senior Application Security Engineer
Posted 4 days ago
Job Description
Responsibilities:
- Conduct security assessments of web and mobile applications.
- Perform static (SAST) and dynamic (DAST) application security testing.
- Identify, analyze, and prioritize security vulnerabilities.
- Collaborate with development teams to implement secure coding practices and remediate vulnerabilities.
- Develop and maintain security testing tools and automation scripts.
- Participate in threat modeling and risk assessment activities.
- Contribute to security awareness training for developers.
- Evaluate and integrate security tools into the CI/CD pipeline.
- Stay current with emerging application security threats and best practices.
Senior Application Security Engineer
Posted 17 days ago
Job Description
Key Responsibilities:
- Conduct security assessments of web and mobile applications, including penetration testing and vulnerability analysis.
- Perform threat modeling to identify potential security risks and design appropriate mitigation strategies.
- Review application source code for security vulnerabilities and provide actionable recommendations to developers.
- Develop and maintain secure coding guidelines and standards for various programming languages and frameworks.
- Integrate security testing tools (SAST, DAST) into the CI/CD pipeline.
- Work closely with development teams to remediate identified vulnerabilities in a timely manner.
- Provide security training and guidance to developers and QA engineers.
- Investigate and respond to security incidents related to applications.
- Stay up-to-date with the latest application security threats, vulnerabilities, and defense techniques.
- Contribute to the development and implementation of the overall application security program.
- Automate security tasks and processes wherever possible.
- Advise on security best practices for cloud-native applications and microservices architectures.
- Evaluate and recommend new security tools and technologies.
Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- 5+ years of experience in application security, software development, or security engineering.
- In-depth knowledge of OWASP Top 10 vulnerabilities and mitigation techniques.
- Experience with penetration testing tools and methodologies (e.g., Burp Suite, OWASP ZAP).
- Familiarity with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools.
- Proficiency in at least one common programming language (e.g., Java, Python, Node.js, C#).
- Understanding of secure SDLC principles and practices.
- Experience with cloud security concepts (AWS, Azure, GCP) is a plus.
- Strong analytical and problem-solving skills.
- Excellent communication and collaboration skills, with the ability to explain complex security issues clearly.
- Relevant security certifications (e.g., CISSP, CEH, GWAPT) are highly desirable.
Senior Application Security Engineer
Posted 20 days ago
Job Description
Responsibilities:
- Conduct security assessments, vulnerability analysis, and penetration testing of web and mobile applications.
- Perform manual and automated security code reviews to identify vulnerabilities.
- Develop and maintain security testing tools, scripts, and frameworks.
- Collaborate with software development teams to integrate security into the SDLC.
- Provide guidance and training to developers on secure coding practices and threat mitigation.
- Contribute to threat modeling exercises for new application features and services.
- Investigate and respond to security incidents, providing timely remediation advice.
- Stay current with the latest application security threats, vulnerabilities, and mitigation techniques.
- Document security findings, recommendations, and remediation efforts.
- Champion security best practices across the organization.
Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- 5+ years of experience in application security, penetration testing, or secure software development.
- Strong understanding of OWASP Top 10 vulnerabilities and common attack vectors.
- Proficiency with SAST and DAST tools (e.g., Burp Suite, OWASP ZAP, SonarQube).
- Experience with secure coding principles and frameworks.
- Knowledge of cryptography, authentication, and authorization mechanisms.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills, with the ability to explain technical concepts clearly.
- Experience with cloud security principles (AWS, Azure) is a plus.
- Relevant security certifications (e.g., CEH, OSCP) are desirable.