Job Title


Senior Security Engineer


Company : Recro


Location : Solapur, Maharashtra


Created : 2026-04-16


Job Type : Full Time


Job Description

Role - Application Security Engineer
Experience - 4+ Yrs
Location - Bangalore

Key Responsibilities

Internal VAPT & Security Testing
● Execute internal VAPT on web applications, APIs, and React Native mobile applications, focusing on real-world attack paths.
● Perform authenticated and authorization-focused testing, including BOLA/IDOR, broken access control, and session abuse.
● Validate scanner results and provide reproducible evidence such as PoCs, request/response traces, and impact narratives.

DAST Program Support
● Improve DAST scanning reliability and signal quality by managing scope definition, scan profiles, and false positives.
● Produce verified, developer-actionable outputs for the monthly DAST cadence.
● Maintain stable test credentials and safe scanning practices for Tier-0/Tier-1 applications in coordination with the DAST owner.

Secure SDLC & DevSecOps Enablement
● Support security checks integrated into GitHub Actions, including secrets scanning and dependency hygiene.
● Provide practical remediation guidance and secure coding recommendations for Node/React/Next and API services.
● Develop reusable developer guidance, such as secure patterns and verification scripts, to reduce vulnerability recurrence.

Triage, Verification & Mobile Security
● Triage findings from SAST, SCA, and DAST sources to ensure high-confidence issues reach engineering.
● Verify fixes and ensure closure quality for high-risk issues.
● Perform mobile security testing, including API endpoint discovery, secure storage assessments, and deep link validation.

External VAPT & Bug Bounty Support
● Prepare scope, test accounts, and validation assistance for external VAPT execution.
● Assist in retest verification for external findings.
● Support bug bounty readiness through triage playbooks and severity assessment guidance.

Qualifications & Experience
● Education: Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or equivalent practical experience.
● Experience: 3–5+ years in application security, product security, or penetration testing with strong hands-on skills.
● Technical Testing: Demonstrated experience in web application and API security testing; mobile security experience is strongly preferred.
● Tooling: Proficiency with at least two of the following: Acunetix, Burp Suite, OWASP ZAP, SonarQube (or other SAST tools), dependency scanning, or secrets scanning tools.

Technical Knowledge & Skills
● Deep understanding of OWASP Top 10 and API security risks (BOLA/IDOR, mass assignment, rate-limit abuse).
● Strong grasp of authentication and authorization models, including JWT, OIDC, and session handling.
● Working knowledge of DevSecOps practices and embedding security testing into CI workflows (GitHub Actions).
● Ability to build reproducible proofs and utilize scripting (Python/Node) for light automation.
● Familiarity with Cloudflare WAF/API Shield and API gateway architectures (Kong/AWS API Gateway) is a plus.