275 Application Security jobs in India

· Serve as a trusted advisor to our enterprise customers, leading the analysis and remediation efforts of complex vulnerabilities using the full Checkmarx platform.

· Lead security reviews and consultation efforts across various SDLC stages, focusing on holistic application security.

· Guide customers in adopting secure coding practices, threat modeling, and AppSec risk management strategies.

· Research and develop proof-of-concept (PoC) exploits to demonstrate real-world risks.

Key Responsibilities

· Perform advanced static and dynamic application security testing (SAST, DAST) across a wide range of programming languages and frameworks.

· Lead in-depth software composition analysis (SCA) to identify vulnerable open-source components and license risks.

· Support and guide customers in implementing Infrastructure as Code (IaC) and API security testing strategies.

· Provide strategic mitigation advice to development and AppSec teams based on detailed vulnerability assessments.

· Deliver technical workshops and training sessions to raise customer maturity in AppSec and secure development.

· Create and present tailored PoCs to showcase the exploitability of identified findings.

· Serve as a technical mentor to junior team members and assist with complex analysis escalations.

Stay updated for more insights and innovations by following us on LinkedIn:
eSec Forte Technologies

Requirements:

• 2-4 years of experience in SAST Tools, Checkmarx, or Web. Mobile and API.
• Skilled at secure code review and have in-depth knowledge of application security.
• Candidates who can join immediately will be given preference.

Open Positions:

Application Security - 06

SAST ( Checkmarx) - 16

Follow the
eSec Forte Technologies
Page to stay updated on future opportunities and events

Date: Sep 22, 2025

Job Requisition Id: 62740

Location:
Hyderabad, IN

IBG

JD :

• Understands critical access restrictions and audit compliance requirement for tables and reports
• Understand authorization business requirements for different SAP modules (FI/HR/MM/PM)
• Experience In supporting MDG systems
• Requires in-depth knowledge of SAP Security concepts and administration

• Responsibilities would include design of SAP security strategy according to customer requirements and SAP best practices.

• Duties include the creation of roles, profiles, user ID's and custom authorization objects

• Transports
• Creates training materials and may assist with user orientation and training

IBG

Organisation Unit Purpose (why does the unit exist? What are the results the unit is expected to deliver?)

• The unit's primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles/patterns/controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads / stakeholders.

Job Purpose (Why does the job exist? What is the unique contribution made by the job holder?)

Primary/General Job Purpose:

• Encourage 'Shift Left' Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle
• Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees
• Assessments – Perform security assessment and perform gap analysis to provide appropriate remediations to the teams for implementing the fixes.
  • Key Skills – Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.
• Tools and Technologies – Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.

Experience with following Components:

Technical Requirements

Application Security - Assessment Skillset

1. Web Application Security – Owasp top 10 , CVSS etc

2. Security Code Review – manual code review in Git etc

3. API Security Review – Open shift, container review etc.

4. Database Security – Requirements to enhance security on Database

5. Web Server Security – Requirements to enhance security on the web server

6. Configuration Review – has performed different configuration reviews and should have found good misconfigurations in the system.

7. Integration review – How the application connects with different systems, performed security review on those integrations.

8. Transport Layer Security – How communication channels are secured and understanding of the Transport layer security mechanisms and controls.

Soft Skills:

• Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
• Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement "good architecture principles" to lower technical debt
• Assertive personality; should be able to hold her/his own in a project board or work group setting
• Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner
• Ability to work under pressure and meet tough/challenging deadlines
• Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs,
• Risk & Audit) of why a certain observation is a concern or not
• Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint
• Has strong decision making, planning and time management skills.
• Can work independently.
• Has a positive and constructive attitude.

Education

Bachelor's degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar (Essential)

• General Information Security: OSCP, CEH, CISM/CISA or similar
• General Cloud Security: CCSK /CCSP or similar
• Specific Cloud Security: Azure Security or similar
• Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

Experience (Essential)

• Must have minimum 3 years of experience in an information security function with good background in information technology, stakeholder management and people management

Knowledge & Skills - Technical, Functional & Managerial

• Expert at the Web Application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc. (Essential)
• Good understanding of Microservice based architecture (Technical) (Essential)
• Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security (Essential)
• Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical) (Essential)
• The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations. (Essential)
• The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards. (Essential)
• The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components. (Essential)
• The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer. (Essential)
• The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise.
• The Analyst / Engineer can understand and interpret potential issues found in source or compiled code
• The Analyst / Engineer has automation skills/capability in the form of scripting or similar
• The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures
• Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and/or during agile ceremonies, via Evil Stories Desirable
• The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance Desirable
• The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams. Desirable
• The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and/or residual risks based on the assessment of such reports
• Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team.
• Good negotiation skills will be desirable Desirable
• Must have good judgment skills to decide on an exception approval
• Ability to enforce improvements when necessary, using Influence rather than Policing measures Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders
• Knowledge of application of Agile methodologies/principles such as Scrum or Kanban

Behavioral Competencies - Thinking Related, People Related & Self Related (All Essential)

• Influencer/Security Evangelist for the Team/Squad
• Positive & Constructive Attitude
• Autonomous worker / Decision Maker
• Good listener
• Patient & Calm during stressful situations
• High energy individual / Motivator
• Win-Win Attitude
• Hacker/Defense-In-Depth mindset
• Analytical thinking
• Team Player/Interpersonal Skills
• Eye for detail
• Persistent & Persuasive
• Organized / Structured
• Deadline oriented
• Competent and committed
• People's Person; understands stakeholder management
• Empathetic
• Passionate about architecting smart solutions
• Innovator/Out of the box thinker
• Collaborative Leadership style
• Confident Presenter All Essential

Other Information

• Age – No bar
• Nationality – No bar
• Gender – No bar

Organisation Unit Purpose (why does the unit exist? What are the results the unit is expected to deliver?)

• The unit's primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles/patterns/controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads / stakeholders.

Job Purpose (Why does the job exist? What is the unique contribution made by the job holder?)

Primary/General Job Purpose:

• Encourage 'Shift Left' Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle
• Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees
• Assessments – Perform security assessment and perform gap analysis to provide appropriate remediations to the teams for implementing the fixes.
  • Key Skills – Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.
• Tools and Technologies – Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.

Experience with following Components:

Technical Requirements

Application Security - Assessment Skillset

1. Web Application Security – Owasp top 10 , CVSS etc

2. Security Code Review – manual code review in Git etc

3. API Security Review – Open shift, container review etc.

4. Database Security – Requirements to enhance security on Database

5. Web Server Security – Requirements to enhance security on the web server

6. Configuration Review – has performed different configuration reviews and should have found good misconfigurations in the system.

7. Integration review – How the application connects with different systems, performed security review on those integrations.

8. Transport Layer Security – How communication channels are secured and understanding of the Transport layer security mechanisms and controls.

Soft Skills:

• Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
• Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement "good architecture principles" to lower technical debt
• Assertive personality; should be able to hold her/his own in a project board or work group setting
• Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner
• Ability to work under pressure and meet tough/challenging deadlines
• Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs,
• Risk & Audit) of why a certain observation is a concern or not
• Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint
• Has strong decision making, planning and time management skills.
• Can work independently.
• Has a positive and constructive attitude.

Education

Bachelor's degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar (Essential)

• General Information Security: OSCP, CEH, CISM/CISA or similar
• General Cloud Security: CCSK /CCSP or similar
• Specific Cloud Security: Azure Security or similar
• Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

Experience (Essential)

• Must have minimum 3 years of experience in an information security function with good background in information technology, stakeholder management and people management

Knowledge & Skills - Technical, Functional & Managerial

• Expert at the Web Application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc. (Essential)
• Good understanding of Microservice based architecture (Technical) (Essential)
• Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security (Essential)
• Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical) (Essential)
• The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations. (Essential)
• The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards. (Essential)
• The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components. (Essential)
• The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer. (Essential)
• The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise.
• The Analyst / Engineer can understand and interpret potential issues found in source or compiled code
• The Analyst / Engineer has automation skills/capability in the form of scripting or similar
• The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures
• Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and/or during agile ceremonies, via Evil Stories Desirable
• The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance Desirable
• The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams. Desirable
• The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and/or residual risks based on the assessment of such reports
• Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team.
• Good negotiation skills will be desirable Desirable
• Must have good judgment skills to decide on an exception approval
• Ability to enforce improvements when necessary, using Influence rather than Policing measures Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders
• Knowledge of application of Agile methodologies/principles such as Scrum or Kanban

Behavioral Competencies - Thinking Related, People Related & Self Related (All Essential)

• Influencer/Security Evangelist for the Team/Squad
• Positive & Constructive Attitude
• Autonomous worker / Decision Maker
• Good listener
• Patient & Calm during stressful situations
• High energy individual / Motivator
• Win-Win Attitude
• Hacker/Defense-In-Depth mindset
• Analytical thinking
• Team Player/Interpersonal Skills
• Eye for detail
• Persistent & Persuasive
• Organized / Structured
• Deadline oriented
• Competent and committed
• People's Person; understands stakeholder management
• Empathetic
• Passionate about architecting smart solutions
• Innovator/Out of the box thinker
• Collaborative Leadership style
• Confident Presenter All Essential

Other Information

• Age – No bar
• Nationality – No bar
• Gender – No bar

Must to Have Responsibilities:

1. Communication : Should be able to understand and articulate technical aspects clearly
2. Cloud Security Expertise : Understand cloud development processes and provide security support throughout,
3. Vulnerability Management : Hands-on with at least two tools like Nessus Pro, Tenable IO, FireEye, CrowdStrike, Defender, SpyCloud.
4. Security Testing : Independently perform penetration testing (PT) and application security assessments as and when required,
5. Security Advisory Role : Go beyond testing by suggesting fixes (e.g., recommending updated encryption protocols for IoT communication stacks),
6. DevOps Integration : Strong grasp of CI/CD and automation practices.
7. Programming Knowledge : Proficiency in at least a few languages such as Java, JavaScript/TypeScript, C++, C, Python, PowerShell, Unix Shell.

Secondary Skills

1. Security Tools Experience to support during cyber incident
2. SIEM/SOAR tools: Microsoft Sentinel, Splunk, Checkmarx.

About us:

Foodsmart is the leading telenutrition and foodcare solution, backed by a robust network of Registered Dietitians. Our platform is designed to foster healthier food choices, drive lasting behavior change, and deliver long-term health outcomes. Through our highly personalized, digital platform, we guide our 2.2 million members—including those in employer-sponsored health plans, regional and national Medicaid managed care organizations, Medicare Advantage plans, and commercial insurers—on a tailored journey to eating well while saving time and money.

Foodsmart seamlessly integrates dietary assessments and nutrition counseling with online food ordering and cost-effective meal planning for the entire family, optimizing ingredients both at home and on the go. We partner with national and regional retailers across the U.S., many of whom accept SNAP/EBT, making healthier food more accessible. Additionally, we assist members with SNAP enrollment and management, providing tangible access to nutritious food.In 2024, Foodsmart secured a $200 million investment from TPG’s Rise Fund, which supports entrepreneurs dedicated to achieving the United Nations’ Sustainable Development Goals. This investment will help us expand our reach, particularly to low-income workers who are disproportionately affected by diet-related diseases.

At Foodsmart, our mission is to make nutritious food accessible and affordable for everyone, regardless of economic status. We are committed to a set of core values that shape our culture and work environment:

️ Measured: We make data-driven, truth-seeking decisions.

Impactful: We are fueled by achieving our mission and vision.