Application Security Engineer

Bengaluru, India Entry Posted 2025-11-12

Don't apply into the void — reach the hiring manager

ResuMail finds the recruiters and hiring managers behind this Application Security Engineer role at DigiCert, drafts a personalised outreach email, and schedules the send — so your application actually gets seen.

Reach the hiring manager ›

About this role

<div class="content-intro">Who we are DigiCert is a global leader in intelligent trust. We protect the digital world by ensuring the security, privacy, and authenticity of every interaction. Our AI-powered DigiCert ONE platform unifies PKI, DNS, and certificate lifecycle management, to secure infrastructure, software, devices, messages, AI content and agents. Learn why more than 100,000 organizations, including 90% of the Fortune 500, choose DigiCert to stop today’s threats and prepare for a quantum-safe future at <a href="http://www.digicert.com/">www.digicert.com</a></div>Job summary As an Application Security Engineer within our cybersecurity team, you will help safeguard the company’s web applications and services by supporting the integration of security practices into the Software Development Life Cycle (SDLC). You will collaborate with development, DevOps, and security teams to identify, assess, and remediate vulnerabilities, contribute to secure coding practices, and assist in implementing DevSecOps tooling and processes. This role is ideal for someone with a strong technical foundation who is eager to grow within the product/application security space.   What you will do <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Support the integration of security controls and best practices across various phases of the SDLC.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Assist in security assessments, including static and dynamic code analysis, open-source dependency analysis, and limited penetration testing.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Participate in manual and automated code reviews to identify potential vulnerabilities and coding flaws.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Collaborate with software engineers to promote secure development practices, including the use of security testing tools in CI/CD pipelines.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Contribute to the evaluation, deployment, and tuning of DevSecOps tools such as SAST, DAST, and SCA platforms.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Help maintain secure deployment workflows and support security automation efforts.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Participate in cross-functional security reviews of new features and systems with guidance from senior engineers.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Stay up to date on current security threats, vulnerabilities, and best practices in application security.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Assist with triaging vulnerabilities from internal scans, bug bounty submissions, or external assessments.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Document processes and playbooks to support consistent and scalable security practices.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Provide input to the development of internal security standards and reference architectures.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Support remediation efforts in collaboration with engineering teams.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Participate in promoting a security-first culture across the organization.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Other duties and responsibilities as assigned.</li> </ul>   What you will have <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Bachelor’s degree in computer science, cybersecurity, or a related technical field.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">2+ years of experience in cybersecurity, software engineering, or DevOps, with at least 1+ years focused on application or product security.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience with programming/scripting languages such as Python, JavaScript, or Java.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Familiarity with DevSecOps tools (SAST, DAST, SCA) and secure SDLC methodologies. - nice to have if they have a solid understanding of common web application vulnerabilities (e.g., OWASP Top 10, CWE).</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Solid understanding of common web application vulnerabilities (e.g., OWASP Top 10, CWE) and remediation strategies.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Ability to analyze code and spot security issues with guidance.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Strong communication and collaboration skills.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Strong attention to detail and willingness to learn new technologies.</li> </ul>   Nice to have <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Hands-on experience with CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins).</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Familiarity with security standards and frameworks such as NIST, OWASP SAMM, ISO 27001, or PCI DSS.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience working in a regulated environment (e.g., financial services, healthcare, or government).</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Professional certifications such as Security+, CEH, eJPT, or equivalent (OSCP or similar preferred but not required).</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Exposure to cloud platforms such as AWS, Azure, or GCP.</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience contributing to or managing a bug bounty triage process.</li> </ul>   Benefits <ul> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Generous time off policies</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Top shelf benefits</li> <li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Education, wellness and lifestyle support</li> </ul>   #LI-SS1

How to get this job at DigiCert

Don't rely on the portal. Cold applications for a role like Application Security Engineer land in a pile of hundreds. A direct, personalised message to the hiring manager or a referrer is the fastest way in.
Find the right person. ResuMail surfaces the actual recruiters and hiring managers at DigiCert — not a generic careers inbox.
Send tailored outreach. ResuMail drafts an email personalised to your resume and this role, then paces and schedules sends so you stay out of spam.
Follow up. One polite nudge after 5–7 days roughly doubles reply rates — scheduled for you.

Reach DigiCert's hiring managers today.

Free to start. No credit card. Built for Indian job seekers.

Start free with ResuMail ›