187 Application Security jobs in Chennai

Greetings from ALIQAN Technologies

Job Title: Application Security Engineer

Experience: 5+ YearsDepartment:

Technology – Information Security

Location: Chennai (Hybrid – 3 days from office)

Reporting To: Application Security Architect

Working Hours: Full Time (9 hours/day)

About Lebara

Lebara is a global telecommunications company, operating across Europe and several international markets under the MVNO model. Established in 2001, Lebara has evolved to serve over 4.7 million customers with affordable mobile solutions, combining reliable networks with excellent customer service.

We are on a transformation journey, moving from consolidation to rapid growth, with innovation and customer experience at the heart of our strategy.

Role Summary

The Application Security Engineer will play a key role in securing Lebara's applications and services by integrating security standards into the software development lifecycle, conducting vulnerability assessments, penetration testing, and providing expert security guidance across technology teams.

Key Responsibilities

• Integrate security tools, standards, and practices into the product lifecycle (PLC).
• Perform vulnerability assessments and penetration testing for infrastructure, applications, services, and mobile apps.
• Provide manual penetration testing and gap analysis.
• Support incident response, architecture reviews, and vendor due diligence.
• Manage penetration testing services (in-house and external).
• Develop and maintain security improvement projects for application frameworks and perimeter defenses.
• Produce and present application security metrics and reports for stakeholders.
• Collaborate with developers and architects to drive secure coding practices and SSDLC adoption.

Skills & Experience

Must-Have Skills:

• Knowledge of OWASP Top 10, SANS 25, MITRE ATT&CK.
• Strong understanding of SSDLC, SOA, REST APIs, and API Gateways.
• Pen testing experience across IaaS, SaaS, PaaS, containers, and cloud services (AWS/Azure/GCP).
• Hands-on with penetration testing & vulnerability tools (Burp Suite, Rapid7 InsightVM, , OpenVAS, Kali Linux, Metasploit, Nmap, BloodHound, etc.).
• Proficiency in scripting languages (Python, Bash, PowerShell).
• Experience in Windows/Linux OS security, web servers (Apache/Unix).
• Strong knowledge of risk scoring systems (EPSS, CVSS) and compliance standards (CIS Benchmark, NIST).

Preferred Skills:

• Red Teaming experience (defense evasion, lateral movement, privilege escalation).
• Familiarity with external attack surface management.
• Security certifications (CISSP, OSCP, CEH, CSSLP).
• Basic coding experience (JavaScript, React, , .NET, or Java).

Job Type: Contractual / Temporary

Pay: Up to ₹1,200,000.00 per year

Work Location: In person

Greetings from Netsach - A Cyber Security Company.

We are looking for Web Application Security consultant with minimum of 3+ years of relevant experience in an information security function with good background in information technology, stakeholder management and people management. Their primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles/patterns/controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads.

Job Title: Web Application Security

Exp: 3+yrs

Location: Chennai, Onsite

Job Type: Full-Time

Interested candidates please share your updated resume at

Key Skills Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.

Tools and Technologies Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.

Technical Requirement

1. Web Application Security Owasp top 10 , CVSS etc
2. Security Code Review manual code review in Git etc
3. API Security Review Open shift, container review etc.
4. Database Security Requirements to enhance security on Database
5. Web Server Security Requirements to enhance security on the web server
6. Configuration Review has performed different configuration reviews and should have found good misconfigurations in the system.
7. Integration review How the application connects with different systems, performed security review on those integrations.
8. Transport Layer Security How communication channels are secured and understanding of the Transport layer security mechanisms and controls.

Knowledge & Skill Set:

• Expert at the Web application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc.
• Good understanding of Microservice based architecture (Technical)
• Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security
• Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical).
• The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations.
• The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards.
• The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components.
• The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer.
• The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise.
• The Analyst / Engineer can understand and interpret potential issues found in source or compiled code.
• The Analyst / Engineer has automation skills/capability in the form of scripting or similar.
• The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures.
• Desirable Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and/or during agile ceremonies, via Evil Stories.
• The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance.
• The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams.
• The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and/or residual risks based on the assessment of such reports.
• Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team.
• Good negotiation skills will be desirable Must have good judgment skills to decide on an exception approval.
• Ability to enforce improvements when necessary, using Influence rather than Policing measures Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders.
• Knowledge of application of Agile methodologies/principles such as Scrum or Kanban

Soft Skills:

• Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
• Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement good architecture principles to lower technical debt
• Assertive personality; should be able to hold her/his own in a project board or work group setting
• Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner.
• Ability to work under pressure and meet tough/challenging deadlines
• Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not
• Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint
• Has strong decision making, planning and time management skills.
• Can work independently.
• Has a positive and constructive attitude

Education

Bachelors degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar

Certifications

• General Information Security:OSCP, CEH, CISM/CISA or similar
• General Cloud Security: CCSK /CCSP or similar
• Specific Cloud Security: Azure Security or similar
• Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

Thank You

Emily Jha

Netsach - A Cyber Security Company

Greetings from Netsach - A Cyber Security Company.

We are looking for Web Application Security consultant with minimum of 3+ years of relevant experience in an information security function with good background in information technology, stakeholder management and people management. Their primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles/patterns/controls into all products and platforms. Conduct security assessments, gap analysis, provide remediation to the relevant squads.

Job Title: Web Application Security

Exp: 3+yrs

Location: Chennai, Onsite

Job Type: Full-Time

Interested candidates please share your updated resume at

Key Skills Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review.  

Tools and Technologies Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub and good knowledge about monolithic and microservice architecture and pipeline driven security.

Technical Requirement

1. Web Application Security Owasp top 10 , CVSS etc
2. Security Code Review manual code review in Git etc 
3. API Security Review Open shift, container review etc. 
4. Database Security Requirements to enhance security on Database 
5. Web Server Security Requirements to enhance security on the web server 
6. Configuration Review has performed different configuration reviews and should have found good misconfigurations in the system.
7. Integration review How the application connects with different systems, performed security review on those integrations. 
8. Transport Layer Security How communication channels are secured and understanding of the Transport layer security mechanisms and controls.

Knowledge & Skill Set:

• Expert at the Web application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc. 
• Good understanding of Microservice based architecture (Technical) 
• Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security
• Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical).
• The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations. 
• The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards. 
• The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components. 
• The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer. 
• The Analyst / Engineer has the skill to follow design principles and applies design patterns to enforce maintainable and reusable patterns, in the form of code or otherwise.
• The Analyst / Engineer can understand and interpret potential issues found in source or compiled code.
• The Analyst / Engineer has automation skills/capability in the form of scripting or similar. 
• The Analyst / Engineer can attack application and infrastructure assets, interpret threats, and suggest mitigating measures.
• Desirable Ability to interpret Security Requirements mandated by oversight functions and ensure comprehensive coverage of those requirements, via documentation, within high level design and/or during agile ceremonies, via Evil Stories.
• The Analyst / Engineer can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance.
• The Analyst / Engineer has the skill to discuss and present solutions to other architecture, security, development, and leadership teams. 
• The Analyst / Engineer can interpret and understand vulnerability assessment reports and calculate inherent and/or residual risks based on the assessment of such reports.
• Ability to articulate and be a persuasive leader who can serve as an effective member of the senior management team. 
• Good negotiation skills will be desirable Must have good judgment skills to decide on an exception approval.
• Ability to enforce improvements when necessary, using Influence rather than Policing measures Superior written and verbal communication skills to effectively communicate security threats and recommendations to technical or non-technical stakeholders.
• Knowledge of application of Agile methodologies/principles such as Scrum or Kanban

Soft Skills:

• Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective 
• Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement good architecture principles to lower technical debt 
• Assertive personality; should be able to hold her/his own in a project board or work group setting
• Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner.
• Ability to work under pressure and meet tough/challenging deadlines 
• Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not 
• Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint 
• Has strong decision making, planning and time management skills. 
• Can work independently. 
• Has a positive and constructive attitude

Education

Bachelors degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar 

Certifications

• General Information Security:OSCP, CEH, CISM/CISA or similar 
• General Cloud Security: CCSK /CCSP or similar 
• Specific Cloud Security: Azure Security or similar 
• Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

Thank You

Emily Jha

Netsach - A Cyber Security Company

Who Are We? 
We’re not just a company; we’re a global force. Fiercely committed to ensuring that everyone, everywhere, can live their lives digitally safe.  Our family of brands – Norton, Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner – unite the brightest minds, the sharpest tech and the most diverse thinking to protect over 500 million people. And we’ve built an inclusive workplace, where your well-being is a priority because true success comes from a place of balance and authenticity. When you're thriving, you’re unstoppable. So, bring us your bold ideas and passion that refuses to quit. The digital world isn’t some distant reality – it's the world we live in, and we’re ready for it. If you’re ready to push boundaries and be part of something bigger, join #TeamGen.

How We Work?

Our hybrid work style—2-3 days in the office—gives us the face-to-face time to have creative conversations, meaningful meetings, make quick decisions and build relationships. And it’s flexible enough to give you the space to do your best work.

We seek team members to work with development teams, ensuring secure coding practices are integrated throughout the software development lifecycle. You will provide security guidance to developers and stakeholders, fostering a culture of security awareness within the organization. As an Application Security Engineer, you will identify and mitigate security vulnerabilities in software applications through tool integration, code reviews, and security assessments.

Mission and Goals (About The Role):

As a key player in our Application Security team, your mission is to ensure that our products are secure, resilient, and continuously improving. You'll work across client, web, and mobile teams to lead our bug bounty program , engage in security reviews and threat modeling , and shape the future of secure development within the company.

You’ll be responsible for:

Objectives (What You Will Do In This Role):

Competencies (What You’ll Need to be Successful in this Role) :

#LI-VP1

Gen is proud to be an equal-opportunity employer, committed to diversity and inclusivity. We base employment decisions on merit, experience, and business needs, without considering race, color, national origin, age, religion, sex, pregnancy, genetic information, disability, medical condition, marital status, sexual orientation, gender identity or expression, military or veteran status, or other unlawful factors. Gen prohibits discrimination based on these protected characteristics and recruits talented candidates from diverse backgrounds.

We consider individuals with arrest and conviction records and do not discriminate against employees for discussing their own pay or that of other employees or applicants. Learn more about pay transparency. 

To conform to U.S. export control regulations, applicant should be eligible for any required authorizations from the U.S. Government.

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

- Competitive compensation, including base pay and annual incentive
- Comprehensive health and life insurance and well-being benefits, based on location
- Pension / Retirement benefits
- Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
- DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

Technology Risk Management (TRM) is responsible for setting strategic direction in the areas of IT Risk and Information Security. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the IT Risk and Information Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on IT Risk and Information Security. The Application Security Assurance program implements a variety of AppSec (Application Security) technologies, controls, tools and processes to ensure delivery teams are able to adhere and align with the Secure System Development Lifecycle to protect DTCC applications from exisiting and emerging security risks & improve application risk posture.

Your Primary Responsibilities:

- Set up, customize, and maintainSAST tools(e.g., SonarQube, Fortify, Checkmarx, Veracode) to align with project-specific requirements.
- Performmanual and automated code reviewsto identify and advise on secure coding issues.
- Integrate SAST tools intoCI/CD pipelines(Jenkins, GitHub Actions, GitLab CI, etc.) to support shift-left security.
- Work with development teams tofine-tune SAST rules, reduce false positives, and ensure meaningful results.
- Assist developers in understanding and fixing security issues by providing actionable feedback.
- Implement basic security checks forInfrastructure as Code (IaC)and secrets detection in repositories.
- Collaborate with DevOps teams to ensuresecurity tooling is seamlessly embeddedinto build and deployment workflows.

Qualifications:

- Minimum of 4 years of related experience
- Bachelor's degree preferred or equivalent experience

Talents Needed for Success:

- Fosters a culture where honesty and transparency are expected.
- Stays current on changes in his/her own specialist area and seeks out learning opportunities to ensure knowledge is up-to-date.
- Collaborates well within and across teams.
- Communicates openly with team members and others.
- Resolves disagreements between colleagues effectively, minimizing the impact on the wider team.

Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation

.

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

The Impact you will have in this role:

Technology Risk Management (TRM) is responsible for setting strategic direction in the areas of IT Risk and Information Security. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the IT Risk and Information Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on IT Risk and Information Security. The Application Security Assurance program implements a variety of AppSec (Application Security) technologies, controls, tools and processes to ensure delivery teams are able to adhere and align with the Secure System Development Lifecycle to protect DTCC applications from exisiting and emerging security risks & improve application risk posture.

Your Primary Responsibilities:

Qualifications:

Talents Needed for Success:

Actual salary is determined based on the role, location, individual experience, skills, and other considerations.

Role & responsibilities

QUALIFICATIONS

5+ years of experience in application security, product security, or software development with a strong security focus.

Strong knowledge of web and API security, secure coding practices, and common application vulnerabilities (OWASP Top 10).

Hands-on experience with security tools for SAST, DAST, dependency scanning, and runtime protection.

Familiarity with cloud security (AWS, Azure, or GCP), container security (Docker, Kubernetes), and Infrastructure as Code (IaC).

Experience integrating security into CI/CD pipelines and DevSecOps practices.

Understanding of cryptography, identity and access management (IAM), and secure authentication (OAuth, SAML, JWT).

Strong problem-solving skills and ability to collaborate in an agile, fast-paced environment.

Certifications such as CISSP, OSCP, CEH, or CSSLP are a plus but not required.

Passion for Benevitys mission and a drive to help secure a platform that enables social Impact

Role & responsibilities

10+ years of experience in application security, product security, or software engineering with a strong security focus. Expertise in web and API security, cloud security (AWS, Azure, or GCP), and modern authentication protocols (OAuth, SAML). Hands-on experience with secure coding practices, threat modeling, and vulnerability management. Proficiency in security tools such as SAST, DAST, IAST, RASP, and WAFs. Familiarity with container security (Docker, Kubernetes) and Infrastructure as Code (IaC) security. Strong understanding of cryptography, identity and access management (IAM), and application-layer defenses. Experience driving security initiatives in an agile, DevOps, or cloud-native environment. Certifications such as CISSP, OSCP, GIAC, or CSSLP are a plus. Passion for Benevitys mission and a strong desire to protect platforms that empower social impact