Application Security Engineer - 3

About Us

Exotel is a leading provider of AI transformation solutions for enterprise customer engagement and experience. With over 20 billion annual conversations across omnichannel, voice, agents, and bots, Exotel is trusted by 7,000+ clients worldwide, spanning industries such as BFSI, Logistics, Consumer Durables, E-commerce, Healthcare, and Education. Customer expectations are evolving rapidly, and businesses face the challenge of balancing revenue growth, cost optimisation, and exceptional CX. Exotel steps in as the transformative partner, delivering AI-powered communication solutions that address all three - enabling businesses to engage smarter, faster, and better.

About the Role

As our Application Security Engineer, you will get to work on the security of our apps/services - Web, Mobile and API-based at Scale. Implementing granular security controls at various points of the Secure Software Development Lifecycle.

The Goal is to build Seamless Security. We want you to redefine how developers view security, eliminating friction and improving Security natively.

You will work closely with other Security functions,Infra , Architects and Developers to build highly reliable and secure products.

Responsibilities

. Threat modeling experience for any Web/Mobile/API Application/Service, prior experienceof 1-2 years is desirable.

• Expertise in 1 or more of the following areas:-

• API Security

• Web Application Security

• Mobile Application Security

. Assist the Application Security Lead in Secure by Design reference architectures forDeveloper adoption- Secure Architecture frameworks.

. Build the SCA(Software Composition Analysis) map for all the third party dependencyusage at Scale and prioritize vulnerabilities based on EPSS,CISA KEV.

. Vulnerability Identification and Remediation with focus on vulnerability prioritization usingEPSS,CISA KEV

. Build a robust SSDLC pipeline and envision frictionless experience for Developers in thelifecycle. Including but not limited to SAST , DAST and other Security tools in the lifecycle.

Work on findings evaluation, prioritization and fix/mitigate at scale.

. Implement Data Security standard and work with Engineering to work on Sensitive Data leakage.

. Work on providing proactive Security Best practice evaluation and enforcement for thirdparty applications (COTS-Commercial-Off-the-Shelf) .

. Contribute to the Security Champions program training modules.

. Work with Cloud Security to improve Web App Firewalls (WAF) fine tuning for applications/services at use at Exotel.

. Work on Security Incidents for Applications/Services across the ecosystem.

Requirements

. Overall 5-7 years of relevant experience

. Bachelor's degree in Computer Science or a related technical discipline, or equivalentpractical experience.

. Understanding of security frameworks and standards like OWASP & NIST, Solid understanding of security protocols, cryptography, authentication, authorization. PriorExperience in solving any of OWASP Top 10 highly desirable.

. Good understanding of Linux and Windows OS, TCP/IP protocol stack and networkingfundamentals, and security principles at all layers of the OSI stack

. Experience with API security, network security, cryptography, PKI, certificate management,

. Experience in CI/CD Tools Including Git, Jenkins, Ansible, or similar

. Knowledge and experience in web application security testing, vulnerability assessment,penetration testing, and generating reports using tools like Burp Suite, Paros, AppScan,Wireshark, Nmap, and Nessus.

. Advanced Expertise in at least one language, Shell scripting/Python/Go/NodeJS