Job Title: Senior Security Engineer - Application Security
About the Role
We are looking for a Security Engineer – Application Security to join our Cyber Security team and help strengthen the security posture of our web, mobile, and API ecosystems.
In this role, you will work closely with engineering, product, and infrastructure teams to identify vulnerabilities, conduct security assessments, and integrate security into every stage of the software development lifecycle. You will play a key role in proactively preventing security risks and ensuring secure application development practices across the organization.
What You’ll Do
Application Security & VAPT
Conduct vulnerability assessments and penetration testing for web applications, APIs, and internal platforms
Identify, classify, and report vulnerabilities with actionable remediation guidance
Perform security validation and retesting after fixes are implemented
Threat Modelling & Risk Assessment
Perform threat modelling for new features, workflows, and architectural changes
Identify attack surfaces, trust boundaries, and potential abuse scenarios
Conduct pre-release security assessments and provide risk-based recommendations
Secure SDLC Implementation
Embed security checkpoints into the software development lifecycle
Participate in architecture reviews and design discussions from a security perspective
Define and enforce security requirements before production releases
Collaborate with engineering teams to ensure secure coding and deployment practices
Web & API Security
Perform security testing on web applications and APIs
Assess vulnerabilities related to authentication, authorization, injection attacks, business logic flaws, and insecure configurations
Validate security controls for REST APIs and backend services
Conduct manual security reviews for critical application modules
Mobile Application Security
Perform static and dynamic security analysis of Android and iOS applications
Identify risks related to insecure storage, reverse engineering, API communication, and mobile authentication flows
Conduct security testing of mobile APIs and application logic
SAST & Code Security
Triage and validate findings from SAST tools such as Semgrep, GitHub Advanced Security, or SonarQube
Work with developers to remediate confirmed vulnerabilities
Conduct secure code reviews for authentication flows, payment systems, and sensitive data handling modules
Developer Collaboration & Security Enablement
Act as a security point-of-contact for engineering and feature teams
Provide clear guidance on security best practices and vulnerability remediation
Support developers in understanding application security risks and secure coding patterns
Security Documentation & Reporting
Maintain VAPT reports, vulnerability trackers, and security documentation
Document findings, remediation plans, and risk assessments clearly and accurately
Contribute to security playbooks, standards, and internal knowledge sharing
What We’re Looking For
Application Security Expertise
2 to 4 years of experience in application security, penetration testing, or related cybersecurity roles
Strong understanding of OWASP Top 10 and common web application vulnerabilities
Experience identifying vulnerabilities such as XSS, SQL Injection, SSRF, IDOR, and authentication flaws
Security Testing Skills
Hands-on experience with tools such as Burp Suite, OWASP ZAP, or equivalent
Experience with API security testing and authentication validation
Familiarity with SAST tools such as Semgrep, GitHub Advanced Security, or SonarQube
Mobile Security Understanding
Knowledge of Android and/or iOS application security concepts
Familiarity with static and dynamic mobile application analysis techniques
Programming & Technical Skills
Proficiency in at least one programming language such as Python, Java, JavaScript, or Go
Understanding of secure coding practices and common vulnerability patterns
Knowledge of OAuth, JWT, session management, and modern authentication mechanisms
Communication & Collaboration
Strong documentation and reporting skills
Ability to explain security findings clearly to developers and stakeholders
Strong collaboration skills with product and engineering teams
Nice to Have
Experience with mobile security tools such as MobSF, Frida, Objection, or Jadx
Familiarity with threat modelling frameworks such as STRIDE, DREAD, or PASTA
Exposure to CI/CD pipelines and integrated security scanning workflows
Experience with bug bounty programs or Capture The Flag (CTF) competitions
Basic understanding of AWS or GCP cloud environments
Relevant certifications such as CEH, eWPT, OSCP, or CompTIA Security+
Tools & Technologies
Security Testing: Burp Suite, OWASP ZAP
SAST Tools: Semgrep, GitHub Advanced Security, SonarQube
Mobile Security: MobSF, Frida, Objection, Jadx
API Testing: Postman, REST API Security Tools
Languages: Python, Java, JavaScript, Go
Security Frameworks: OWASP Top 10, STRIDE, DREAD, PASTA
Cloud Platforms: AWS, GCP
Why You’ll Love Working With Us
Opportunity to secure large-scale web and mobile platforms
Work closely with engineering teams to build secure-by-design systems
Exposure to modern application security practices and tooling
High-impact role in improving organizational security posture
Collaborative and security-focused engineering culture
Strong learning and growth opportunities across cybersecurity domains
Role Details
Position: Security Engineer - Application Security
Employment Type: Full-Time
Experience Level: Mid-Level
Location: Bengaluru, Karnataka (On-site)
Disclaimer: This job description is intended to outline the general nature and key responsibilities of the position. It is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the role. The responsibilities and qualifications described may be subject to change, and other duties may be assigned as needed. Employment is at-will, meaning the employee or the employer may terminate the employment relationship at any time, with or without cause, and with or without notice.
Data Utilization Disclaimer: By applying for this position, you acknowledge and agree that any personal data you provide may be used for recruitment and employment purposes. The data collected will be stored and processed in accordance with our privacy policy and applicable data protection laws. Your information will only be shared with relevant internal stakeholders and will not be disclosed to third parties without your consent, unless required by law.