4,490 Application Security jobs in India

• C/ C / Java , Dot Net and Java knowledge / experience. One or more scripting language like perl/ php/ python/ bash
• Expertise in web application penetration testing and network penetration testing
• Good knowledge of hardening guidelines for database, server, firewall etc.
• Good knowledge of secure software development standards, process, techniques and tools
• Good knowledge of security technologies for secure software development such as cryptography, authentication techniques and protocols etc.
• Good understanding of security development lifecycle processes across technologies.

Other Working Skills :

• Analytical skills, ability to work with minimal supervision, good speaking and writing skills, excellent working knowledge of word, excel and powerpoint
• Educational Background : MCA, BCA , B.Tech ( CSC or ECE)

• C/ C / Java , Dot Net and Java knowledge / experience. One or more scripting language like perl/ php/ python/ bash
• Expertise in web application penetration testing and network penetration testing
• Good knowledge of hardening guidelines for database, server, firewall etc.
• Good knowledge of secure software development standards, process, techniques and tools
• Good knowledge of security technologies for secure software development such as cryptography, authentication techniques and protocols etc.
• Good understanding of security development lifecycle processes across technologies.

Other Working Skills :

• Analytical skills, ability to work with minimal supervision, good speaking and writing skills, excellent working knowledge of word, excel and powerpoint

• C/ C / Java , Dot Net and Java knowledge / experience. One or more scripting language like perl/ php/ python/ bash
• Expertise in web application penetration testing and network penetration testing
• Good knowledge of hardening guidelines for database, server, firewall etc.
• Good knowledge of secure software development standards, process, techniques and tools
• Good knowledge of security technologies for secure software development such as cryptography, authentication techniques and protocols etc.
• Good understanding of security development lifecycle processes across technologies.

Other Working Skills :

• Analytical skills, ability to work with minimal supervision, good speaking and writing skills, excellent working knowledge of word, excel and powerpoint
• Educational Background : MCA, BCA , B.Tech ( CSC or ECE)

 Job Description

Role and Responsibilities: 

• Act as a primary liaison between technical teams and business stakeholders, facilitating expert advice on vulnerability remediation strategies and best practices. 
• Ensure strict adherence to security standards and advocate for the seamless integration of security measures into the Software Development Life Cycle (SDLC). 
• Develop and nurture collaborative relationships with business and development teams to align security objectives with business priorities, ensuring mutual benefit and effective prioritization. 
• Assess risks identified in vulnerability assessment results and other security-related data, prioritizing remediations in alignment with business objectives. 
• Partner with application teams to devise strategies for mitigating identified security gaps, assisting in the planning and prioritization of security remediation efforts and control implementations. 
• Provide technical guidance and support to application teams in implementing security controls, advocating for security-by-design principles, and integrating security scanning into the application build process. 
• Collaborate closely with stakeholders to ensure the completeness and accuracy of information security exception requests, aligning them with predetermined criteria and established risk tolerance levels. 
• Regularly communicate with management and stakeholders, presenting detailed reports and updates on vulnerabilities, ongoing remediation efforts, and the status and trends of exception requests 
• Conduct ongoing security research to stay abreast of current security challenges, identifying new opportunities for security integration and automation to enhance overall security posture. 
• Provide training and awareness on vulnerability risk management practices to technical teams and business stakeholders. 

Requirements: 

• Bachelor's degree in computer science, Information Security, or a related field. Good to have advanced degree or relevant certifications (e.g., CISSP, CISM). 
• Minimum 8 years of demonstrated expertise in application security, coupled with proficiency in development. 
• Strong understanding of application security concepts, vulnerabilities, and attack vectors. 
• Robust Information Security technical skills and knowledge to identify, research, and understand security control gaps and program compliance issues. 
• Exceptional ability to communicate security concepts, threats, controls, and mitigation/remediation strategies to diverse audiences, including those unfamiliar with such topics. 
• Proven track record in information security vulnerability assessment, remediation, and security governance. 
• Familiarity with Security Policies, Procedures, Audit, and Compliance requirements. 
• Expert understanding of code syntax and semantics of at least one object-oriented programming language. 
• Possess an analytical mindset with the ability to prioritize and assess risks related to vulnerabilities and exception requests. 
• Proven ability to work independently, prioritize tasks, and manage multiple projects simultaneously in a fast-paced environment, ensuring timely and efficient completion of objectives. 

Soft Skills: 

• Excellent communication and interpersonal skills, adept at articulating technical concepts to non-technical stakeholders. 
• Capable of effectively collaborating with cross-functional teams and building consensus is essential. 
• Commitment to continuous learning and staying updated on industry developments and emerging technologies. 

Good to have: 

• Familiarity with cloud security concepts, cloud services, and cloud security controls. 
• Knowledge of security frameworks, standards, and benchmarks. 

Organisation Unit Purpose (why does the unit exist? What are the results the unit is expected to deliver?)

• The unit's primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles/patterns/controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads / stakeholders.

Job Purpose (Why does the job exist? What is the unique contribution made by the job holder?)

Primary/General Job Purpose:

• Encourage 'Shift Left' Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle
• Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees
• Assessments – Perform security assessment and perform gap analysis to provide appropriate remediations to the teams for implementing the fixes.
  • Key Skills – Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.
• Tools and Technologies – Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.

Experience with following Components:

Technical Requirements

Application Security - Assessment Skillset

1. Web Application Security – Owasp top 10 , CVSS etc

2. Security Code Review – manual code review in Git etc

3. API Security Review – Open shift, container review etc.

4. Database Security – Requirements to enhance security on Database

5. Web Server Security – Requirements to enhance security on the web server

6. Configuration Review – has performed different configuration reviews and should have found good misconfigurations in the system.

7. Integration review – How the application connects with different systems, performed security review on those integrations.

8. Transport Layer Security – How communication channels are secured and understanding of the Transport layer security mechanisms and controls.

Soft Skills:

• Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
• Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement "good architecture principles" to lower technical debt
• Assertive personality; should be able to hold her/his own in a project board or work group setting
• Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner
• Ability to work under pressure and meet tough/challenging deadlines
• Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs,
• Risk & Audit) of why a certain observation is a concern or not
• Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint
• Has strong decision making, planning and time management skills.
• Can work independently.
• Has a positive and constructive attitude.

Education

Bachelor's degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar (Essential)

• General Information Security: OSCP, CEH, CISM/CISA or similar
• General Cloud Security: CCSK /CCSP or similar
• Specific Cloud Security: Azure Security or similar
• Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

Experience (Essential)

• Must have minimum 3 years of experience in an information security function with good background in information technology, stakeholder management and people management

Knowledge & Skills - Technical, Functional & Managerial

• Expert at the Web Application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc. (Essential)
• Good understanding of Microservice based architecture (Technical) (Essential)
• Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security (Essential)
• Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical) (Essential)
• The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations. (Essential)
• The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards. (Essential)
• The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components. (Essential)
• The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer. (Essential)
• The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise.
• The Analyst / Engineer can understand and interpret potential issues found in source or compiled code
• The Analyst / Engineer has automation skills/capability in the form of scripting or similar
• The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures
• Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and/or during agile ceremonies, via Evil Stories Desirable
• The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance Desirable
• The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams. Desirable
• The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and/or residual risks based on the assessment of such reports
• Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team.
• Good negotiation skills will be desirable Desirable
• Must have good judgment skills to decide on an exception approval
• Ability to enforce improvements when necessary, using Influence rather than Policing measures Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders
• Knowledge of application of Agile methodologies/principles such as Scrum or Kanban

Behavioral Competencies - Thinking Related, People Related & Self Related (All Essential)

• Influencer/Security Evangelist for the Team/Squad
• Positive & Constructive Attitude
• Autonomous worker / Decision Maker
• Good listener
• Patient & Calm during stressful situations
• High energy individual / Motivator
• Win-Win Attitude
• Hacker/Defense-In-Depth mindset
• Analytical thinking
• Team Player/Interpersonal Skills
• Eye for detail
• Persistent & Persuasive
• Organized / Structured
• Deadline oriented
• Competent and committed
• People's Person; understands stakeholder management
• Empathetic
• Passionate about architecting smart solutions
• Innovator/Out of the box thinker
• Collaborative Leadership style
• Confident Presenter All Essential

Other Information

• Age – No bar
• Nationality – No bar
• Gender – No bar

Skills :-3-7 years of experience in EITHER / OR BOTH development, or DevSecOps.

Mandatory requirements are SAST, SCA, IaC, SCM, Pipeline automations.

Location :- Bangalore,Hyderabad, Chennai,Gurgaon

Shift Timings :- 2.00 pm - 11.00 pm

About Omnicom Global Solutions

Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicom’s branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries.

OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management.

With over 4500 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey.

Let’s build this together!

Role Overview

We have an exciting opportunity for an Engineer, Product Security at our Hyderabad office. This role supports secure software development, risk mitigation, and product security best practices across automated platforms and infrastructure-as-code environments.

The Product Security Engineer will perform vulnerability assessments, provide risk analysis, support incident response, and collaborate with development and DevOps teams to embed security into all stages of the product lifecycle. This role plays a vital part in enabling secure, scalable, and compliant services across Omnicom’s digital ecosystem.

Key Responsibilities

• Assist in implementing secure software development standards and practices.
• Support integration of security measures into automated service platforms and infrastructure-as-code.
• Conduct regular security assessments and vulnerability scans for applications and infrastructure.
• Analyse and report on security risks and vulnerabilities; provide mitigation recommendations.
• Collaborate with the incident response team on investigations and real-time threat intelligence.
• Monitor and manage security tools to detect and respond to application and infrastructure threats.
• Continuously monitor cloud environments and SaaS platforms for emerging security threats.
• Work closely with development, QA, and IT teams to support secure software delivery.
• Prepare and present security metrics, reports, and summaries to Product Security Leads and stakeholders.
• Deliver security awareness training on secure software development and SecDevOps practices.
• Contribute to the maintenance of security documentation and internal guidelines.

Required Qualifications

• 3-5 years of experience in cybersecurity, software engineering, or DevOps with a focus on product security.
• Familiarity with security assessment tools (e.g., SAST, SCA scanners) and CI/CD environments.
• Basic understanding of secure coding, cloud security, and infrastructure-as-code practices.
• Hands-on experience with tools such as GitHub, AWS, Terraform, Jenkins, Docker, etc.
• Understanding of IT governance frameworks (e.g., SDLC, ITIL) is a plus.
• Strong analytical, documentation, and troubleshooting capabilities.
• Bachelor's degree in Cybersecurity, Computer Science, IT, or related field.
• Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, network security, SIEM, and risk analysis
• Certifications such as Security+ or CEH are a plus.

Preferred Qualifications

• AppSec depth (CSSLP, eWPT), Cloud specialization (AWS Security), Foundational credibility (Security+), and CEH are a plus.
• Experience with cloud security frameworks and zero trust architecture.

About Us:

At LXME, we’re building India’s first full-stack financial platform designed exclusively for women. Trust, security, and reliability are at the heart of our mission to empower millions of women to confidently save, manage, and invest their money. As we scale, we're looking for an App Security Engineer to lead our application security efforts across the stack.

What You’ll Do

● Champion and implement security best practices across mobile apps, backend APIs, and third-party integrations

● Conduct mobile application security testing (static & dynamic), and work with teams to remediate findings

● Identify, report, and fix vulnerabilities using frameworks like OWASP Mobile Top 10 and OWASP Web Top 10

● Collaborate with developers to embed security early in the SDLC (Shift Left approach)

● Perform code reviews with a security focus and help define secure coding standards

● Own and manage security audits, VAPT engagements, and contribute to compliance efforts

● Evaluate and integrate tools for app shielding, code obfuscation, root/jailbreak detection, and anti-tampering

● Monitor for real-time threats and incidents, and drive timely mitigation

What We’re Looking For

● 3–6 years of hands-on experience in application or mobile app security

● Strong experience with tools like MobSF, Frida, Burp Suite, OWASP ZAP, etc.

● Solid understanding of Android and iOS security models, encryption, and app hardening

● Experience working with secure authentication flows (e.g., OAuth2.0, tokenization, UPI integrations)

● Familiarity with compliance and security standards: RBI, PCI-DSS, ISO 27001, etc.

● Proficient in scripting and automation using Python, Bash, or similar

● Strong communication skills, with the ability to explain technical risks to non-technical stakeholders

Nice to Have

● Experience in bug bounty triage, threat modeling, or red teaming

● Exposure to DevSecOps, SAST/DAST tools, and CI/CD security integration

● Security certifications like CEH, OSCP, CISSP, or GIAC GWEB

Why Join Us?

● Play a key role in our security-first culture as we scale nationally

● Work on meaningful challenges at the intersection of fintech and women’s empowerment

● Be part of a mission-driven, collaborative team that values high ownership and impact