826 Api Security jobs in India

Description
In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from Innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest AWS deployment.
As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.
The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.
Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history!
Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced life-both in and outside of work.
Key job responsibilities
* Creating, updating, and maintaining threat models for a wide variety of software projects
* Security architecture and design guidance
* Manual and Automated Secure Code Review, primarily in Java, Python and Javascript
* Development of security automation tools
* Adversarial security analysis using innovative tools to augment manual effort
* Security training and outreach for internal development teams
* Independently solve security problems that require novel methods or approaches
* Influence your team's and partners' process, priorities, and choices to improve outcomes
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Mentorship and Career growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
#Joinstoresappsec
Basic Qualifications
- BS in Computer Science, Information Security, 3+ years of demonstrated experience of comprehensive application security assessments, including both automated and manual assessment.
- Hands on experience in threat modelling, architecture review, manual source code review, attacker exploit techniques, and methods for their remediation.
- Have good understanding of network architecture, enterprise IT systems and cloud such as AWS and programming or Scripting skills (E.g: Java, Python, Perl, Bash, Ruby, PowerShell, etc.) and can explain complex technical risks in simple, clear language that non-technical stakeholders can easily understand and act upon.
Preferred Qualifications
- You demonstrate excellent judgement in assessing and prioritizing technical risk and You have a strong application security background with a focus on scalable solutions
- You have experience building and securing cloud infrastructure such as AWS and work to identify and remove bottlenecks for your teammates, both in process and technology
- You create and maintain security documentation, including architecture designs, implementation guides, and best practices to promote secure development practices
- Identify security risks and drive continuous improvement in security controls and practices and collaborate with security stakeholders to develop security strategies
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

About Atomicwork

Atomicwork is reimagining IT and workplace operations by putting employees at the center of the experience. With a strong emphasis on automation, integration, and security, Atomicwork helps organizations streamline workflows, improve productivity, and reduce friction across employee and IT interactions.

Role Overview

We are looking for a Senior Application Security Engineer to join our growing engineering team. In this role, you will lead efforts to embed security best practices across the software development lifecycle, proactively identify and mitigate application risks, and collaborate with product and engineering teams to ensure secure design and implementation.

You’ll play a critical role in strengthening the security posture of our cloud-native, AI-driven SaaS platform.

Key Responsibilities

• Design and implementation of secure software architecture patterns across the platform.
• Conduct threat modeling, security design reviews, and code audits for critical features.
• Define and automate security tests (SAST, DAST, SCA) as part of the CI/CD pipeline.
• Manage and resolve application-layer vulnerabilities discovered via internal and external security assessments (e.g., OWASP Top 10, CVEs).
• Collaborate with developers to ensure secure coding practices through training, tooling, and mentorship.
• Evaluate and integrate security technologies to support secure service-to-service communication, secrets management, and identity and access control.
• Stay up-to-date with the latest vulnerabilities, exploits, and mitigation techniques in modern web/AI applications.
• Assist with incident response and root cause analysis for security events.
• Partner with DevOps to ensure secure deployment configurations and container security.

Qualifications

• 8+ years of experience in application security, with strong knowledge of modern web application architectures (REST APIs, GraphQL, OAuth2, JWT, etc.).
• Proficiency in secure coding practices in at least one major language (Python/Java, JavaScript/Typescript, or similar).
• Proficient in both Static and Dynamic Application Security Testing (SAST, DAST, IAST), and Software Composition Analysis (SCA).
• Experience with security scanning tools (e.g., SonarQube, Snyk, Checkmarx) and hands-on remediation guidance.
• Deep understanding of cloud security principles (preferably AWS).
• Familiarity with container security (Docker, Kubernetes) and infrastructure-as-code (Terraform).
• Strong command of OWASP Top 10 with practical knowledge of attack vectors and mitigation strategies.
• Strong analytical and communication skills with the ability to influence engineering teams.
• Security certifications such as : OSCP, OSWE, OSEP, ECSA|LPT, CPT, CEH, GWAPT, or CSSLP are a plus.

Why we are different (culture)

As a part of Atomicwork, you can shape our company and business from idea to production. Our cultural values also set the bar high, helping us create a better workplace for everyone.

• Autonomy: We champion self-direction to deliver customer success, empowering teams and individuals to deliver peak performance.
• Trust: We unwaveringly believe in our colleagues' positive intentions, approaching every interaction with trust to accelerate execution.
• Ownership: We demonstrate unwavering commitment to our mission and goals, taking full responsibility for triumphs and setbacks.
• Mastery: We relentlessly pursue continuous self-improvement as individuals and teams, dedicating ourselves to constant learning and growth.
• Impatience: We recognize that our world moves swiftly and is driven by an unyielding desire to progress with every endeavor.
• Customer Obsession: We place our customers at the heart of everything we do, relentlessly seeking to understand their needs and exceed their expectations.

What we offer (compensation and benefits)

We are big on benefits that make sense to you and your family.

1. Fantastic team —the #1 reason why everybody joins us.
2. Convenient offices — well-located offices spread over five different cities.
3. Flexible work timings — you get to decide how you want to work.
4. Paid time off — Unlimited sick leaves and 24 days off every year.
5. Health insurance — comprehensive health coverage for your entire family.
6. Great hardware — premium Apple hardware to help you do your best work.
7. Flexible allowances — with hassle-free reimbursements across spends.
8. Team events — we cover team meet-ups and celebrations for milestones.
9. Annual outings — for everyone to have fun together.

Security Testing

• Conduct Static Application Security Testing (SAST) and Software Composition Analysis (SCA)
• Perform Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) for deeper analysis of vulnerabilities during runtime
• Execute Mobile Application Security Testing and API Security Testing to safeguard against OWASP Security risks

Vulnerability Management and Threat Mitigation

• Identify, prioritize, and remediate vulnerabilities through Vulnerability Assessments and Penetration Testing (VAPT)
• Identify and mitigate vulnerabilities aligned with the latest OWASP Top 10 risks, including Injection, Broken Access Control, and Insecure Design
• Assess and remediate vulnerabilities by OWASP Application Security Verification Standard (ASVS)

Cloud Security

• Secure cloud environments hosted on AWS and Azure, adhering to CIS Benchmarks and NIST Cybersecurity Framework standards

Compliance and Regulations

• Ensure application and infrastructure compliance with standards such as PCI DSS, HIPAA, and GDPR
• Conduct regular assessments to align with SANS Top 25 Software Errors, NIST SP 800-53, and CIS Controls

DevSecOps Integration

• Embed security practices within the Secure Software Development Lifecycle (SDLC) by automating security checks and remediation
• Collaborate with DevOps teams to integrate security tools and testing into the CI/CD pipelines using Jenkins and Azure DevOps

Required Skills and Qualifications

Technical Proficiency

• Legacy technologies: Java, .NET
• Modern technologies: React, Node.js, Python, PHP, Ruby/Rails, Angular, etc
• CMS experience with Magento-Adobe and Avocode

Cloud Skills

• Expertise with AWS and Azure cloud platforms

Security and Compliance Knowledge

• Strong understanding of OWASP Top 10, OWASP ASVS, PCI DSS, HIPAA, GDPR, CIS Benchmarks, and NIST Cybersecurity Frameworks
• Familiarity with SANS Top 25 Software Errors and their remediation strategies

Security Testing Expertise

• Proficiency in SAST, SCA, DAST, IAST, and penetration testing techniques
• Experience in Threat Modeling to proactively identify and mitigate risks
• Strong knowledge of VAPT, mobile, and API security testing

DevSecOps and SDLC Integration

• Expertise in implementing Secure Software Development Lifecycle (SDLC) practices
• Proficiency in integrating security tools with CI/CD pipelines using Jenkins and Azure DevOps

Soft Skills

• Excellent communication skills to bridge the gap between technical and business teams
• Ability to articulate technical issues to both technical and non-technical audiences

Our client is seeking a dedicated and skilled Senior Application Security Engineer to join their fully remote engineering team. This role is critical for ensuring the security posture of all applications developed and deployed by the company. As a Senior Application Security Engineer, you will be responsible for integrating security practices throughout the software development lifecycle (SDLC), from design and development to testing and deployment. Your core duties will include performing security code reviews, conducting static and dynamic application security testing (SAST/DAST), identifying and prioritizing vulnerabilities, and working closely with development teams to remediate security flaws. You will also contribute to the development and maintenance of secure coding guidelines, security testing tools, and automated security checks within CI/CD pipelines. This position requires a strong understanding of common web application vulnerabilities (e.g., OWASP Top 10), secure coding principles, and various programming languages. Experience with cloud security concepts and container security (Docker, Kubernetes) is highly advantageous. You will be a key player in threat modeling exercises, security training for developers, and the continuous improvement of the application security program. The ideal candidate possesses excellent problem-solving skills, attention to detail, and the ability to effectively communicate technical security information to diverse audiences. This is a remote-first opportunity, allowing you to contribute from anywhere while collaborating with a global team. A Bachelor's degree in Computer Science, Information Technology, or a related field, coupled with substantial experience in application security, is required. Security certifications such as CSSLP or GIAC certs are a plus.
Responsibilities:

• Conduct security assessments of web and mobile applications.
• Perform static (SAST) and dynamic (DAST) application security testing.
• Identify, analyze, and prioritize security vulnerabilities.
• Collaborate with development teams to implement secure coding practices and remediate vulnerabilities.
• Develop and maintain security testing tools and automation scripts.
• Participate in threat modeling and risk assessment activities.
• Contribute to security awareness training for developers.
• Evaluate and integrate security tools into the CI/CD pipeline.
• Stay current with emerging application security threats and best practices.

Our client is seeking a proactive and highly skilled Senior Application Security Engineer to join their growing, fully remote cybersecurity team. In this vital role, you will be responsible for embedding security best practices throughout the software development lifecycle (SDLC), identifying and mitigating vulnerabilities in our web and mobile applications, and fostering a security-conscious culture within engineering teams. You will perform security reviews, conduct threat modeling, implement security controls, and respond to security findings. This position requires a deep understanding of application security principles, common vulnerabilities (OWASP Top 10), and secure coding practices. You will work collaboratively with development, QA, and operations teams to ensure the delivery of secure and robust software.

Key Responsibilities:

• Conduct security assessments of web and mobile applications, including penetration testing and vulnerability analysis.
• Perform threat modeling to identify potential security risks and design appropriate mitigation strategies.
• Review application source code for security vulnerabilities and provide actionable recommendations to developers.
• Develop and maintain secure coding guidelines and standards for various programming languages and frameworks.
• Integrate security testing tools (SAST, DAST) into the CI/CD pipeline.
• Work closely with development teams to remediate identified vulnerabilities in a timely manner.
• Provide security training and guidance to developers and QA engineers.
• Investigate and respond to security incidents related to applications.
• Stay up-to-date with the latest application security threats, vulnerabilities, and defense techniques.
• Contribute to the development and implementation of the overall application security program.
• Automate security tasks and processes wherever possible.
• Advise on security best practices for cloud-native applications and microservices architectures.
• Evaluate and recommend new security tools and technologies.

Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• 5+ years of experience in application security, software development, or security engineering.
• In-depth knowledge of OWASP Top 10 vulnerabilities and mitigation techniques.
• Experience with penetration testing tools and methodologies (e.g., Burp Suite, OWASP ZAP).
• Familiarity with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools.
• Proficiency in at least one common programming language (e.g., Java, Python, Node.js, C#).
• Understanding of secure SDLC principles and practices.
• Experience with cloud security concepts (AWS, Azure, GCP) is a plus.
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration skills, with the ability to explain complex security issues clearly.
• Relevant security certifications (e.g., CISSP, CEH, GWAPT) are highly desirable.

This is an exciting opportunity to significantly enhance the security posture of our applications in a fully remote setting.Job Location: This is a fully remote position. For administrative and collaborative purposes, this role is associated with opportunities typically managed from Kanpur, Uttar Pradesh, IN .

Our client, a leading innovator in secure software development, is seeking a highly skilled Senior Application Security Engineer to join our fully remote security team. This role is critical in ensuring the security and integrity of our software applications throughout their entire lifecycle. You will be responsible for identifying, assessing, and mitigating security vulnerabilities in our web and mobile applications. Your duties will include conducting in-depth security code reviews, performing penetration testing, developing security testing tools and frameworks, and providing expert guidance to development teams on secure coding practices. The ideal candidate will have a deep understanding of common web vulnerabilities (OWASP Top 10), secure SDLC principles, and various security testing methodologies. Experience with static application security testing (SAST) and dynamic application security testing (DAST) tools is essential. You will also play a key role in defining and implementing security requirements, contributing to threat modeling exercises, and responding to security incidents. This position requires exceptional analytical skills, a proactive approach to security, and the ability to communicate complex technical findings effectively to both technical and non-technical audiences. As a fully remote role, you will have the flexibility to work from anywhere, contributing your expertise to our client's mission of delivering secure and reliable software. We are looking for a passionate security advocate committed to building secure software from the ground up. This is an exciting opportunity to make a significant impact on the security posture of our client's products.

Responsibilities:

• Conduct security assessments, vulnerability analysis, and penetration testing of web and mobile applications.
• Perform manual and automated security code reviews to identify vulnerabilities.
• Develop and maintain security testing tools, scripts, and frameworks.
• Collaborate with software development teams to integrate security into the SDLC.
• Provide guidance and training to developers on secure coding practices and threat mitigation.
• Contribute to threat modeling exercises for new application features and services.
• Investigate and respond to security incidents, providing timely remediation advice.
• Stay current with the latest application security threats, vulnerabilities, and mitigation techniques.
• Document security findings, recommendations, and remediation efforts.
• Champion security best practices across the organization.

Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• 5+ years of experience in application security, penetration testing, or secure software development.
• Strong understanding of OWASP Top 10 vulnerabilities and common attack vectors.
• Proficiency with SAST and DAST tools (e.g., Burp Suite, OWASP ZAP, SonarQube).
• Experience with secure coding principles and frameworks.
• Knowledge of cryptography, authentication, and authorization mechanisms.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, with the ability to explain technical concepts clearly.
• Experience with cloud security principles (AWS, Azure) is a plus.
• Relevant security certifications (e.g., CEH, OSCP) are desirable.