Application Security Analyst

Company Description

Finnable is a rapidly growing financial technology (Fintech) start-up dedicated to providing hassle-free personal loans to salaried professionals within a minute. Founded by experienced ex-bankers and successful entrepreneurs, Finnable leverages deep financial technology expertise to improve the financial well-being of salaried individuals. The company aims to address financial inequality by offering accessible, innovative solutions that help employees lead less stressful and more productive lives. With a mission to make financial services fairer, Finnable strives to empower millions of salaried earners with better financial opportunities.

We are looking for a Product & Application Security Analyst to work closely with product, engineering, DevOps, and cloud teams to identify security risks early in the software development lifecycle and help build secure, resilient applications. The role will be responsible for threat modeling, application security reviews, vulnerability management, secure SDLC support, and security guidance for product and engineering teams.

• Perform security reviews of product features, APIs, web applications, and backend services.
• Conduct threat modeling for new features, architecture changes, and high-risk releases.
• Support application security testing including SAST, DAST, dependency scanning, and secrets scanning.
• Track vulnerabilities from identification to remediation and closure.
• Review authentication, authorization, session management, input validation, and data protection controls.
• Partner with engineering teams to improve secure coding practices and remediate issues.
• Support DevSecOps integration and security checks in CI/CD pipelines.
• Assist in application-related incident analysis and root cause tracking.
• Support security documentation, metrics, and audit evidence related to product security.
• Review security of third-party integrations and product-related vendors.
  

• 23 years of experience in application security, product security, or security engineering.
• Strong understanding of OWASP Top 10 and common web/API vulnerabilities.
• Knowledge of authentication, authorization, sessions, and secure API design.
• Experience with vulnerability management and remediation tracking.
• Understanding of SDLC, CI/CD, and secure development practices.
• Good communication skills and ability to work with engineering teams.

• Experience with Burp Suite or similar security testing tools.
• Exposure to SAST, DAST, dependency scanning, or secrets scanning tools.
• Knowledge of AWS/cloud security basics.
• Familiarity with secure code review.
• Scripting knowledge such as Python/Bash.
• Experience in fintech, payments, or regulated environments.