Job Title

Position Overview We are seeking a skilled and motivated Senior Application Security Engineer to join our AppSec team. The ideal candidate will work closely with developers, DevOps, and security professionals to ensure that our applications—web, mobile, and APIs—are secure by design, resilient against threats, and compliant with industry standards. This role involves hands-on security assessments, secure coding guidance, and collaboration across teams to embed security into the software development lifecycle (SDLC).Key Responsibilities • Conduct web application security assessments including code reviews, penetration testing, and vulnerability analysis. • Perform Android application security testing, including reverse engineering, static/dynamic analysis, and secure mobile app design reviews. • Assess and secure APIs and microservices, ensuring proper authentication, authorization, and data protection. • Collaborate with development teams to integrate security controls into CI/CD pipelines. • Identify, triage, and remediate vulnerabilities across web, mobile, and API ecosystems. • Provide secure coding training and guidance to developers. • Work with product and engineering teams to ensure security requirements are defined and implemented. • Monitor and respond to emerging threats and vulnerabilities relevant to our technology stack. • Contribute to security tooling and automation for vulnerability detection and remediation. • Document findings, create reports, and communicate risks effectively to both technical and non-technical stakeholders.Required Qualifications • Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience). • 4–6 years of experience in application security, penetration testing, or secure software development. • Strong knowledge of OWASP Top 10 (Web, Mobile, API) and common application vulnerabilities. • Hands-on experience with web application security testing tools (Burp Suite, ZAP, etc.). • Familiarity with Android security testing frameworks (MobSF, Drozer, Frida). • Experience with API security testing (Postman, OWASP API Security Top 10). • Proficiency in at least one programming language (e.g., Java, Python, JavaScript, Go). • Understanding of DevSecOps practices and CI/CD pipelines.Preferred Qualifications • Relevant certifications such as OSWE, OSCP, CEH, GWAPT, CSSLP. • Experience with cloud security (AWS, Azure, GCP). • Knowledge of container security (Docker, Kubernetes). • Strong communication and collaboration skills