Role Overview:-
We are looking for an Application Security Engineer with 2–3 years of hands-on experience to manage the end-to-end application security process across web, mobile, and API-based applications. The role involves executing application VAPT, coordinating with stakeholders and AppSec vendors, and ensuring timely vulnerability remediation and closure.
Key Responsibilities:-
- Perform Application VAPT (Web, Mobile, and API).
- Conduct API security testing using automated and manual techniques.
- Ensure vulnerabilities are remediated within defined SLAs.
- Coordinate with development, DevOps, and business teams for timely issue closure.
- Manage and coordinate AppSec testing with external vendors (scoping, execution, report review).
- Validate vendor findings and eliminate false positives.
- Maintain vulnerability dashboards, metrics, and management reports (knowledge of tools such as JIRA).
- Support Secure SDLC initiatives and application onboarding processes.
- (Added Advantage) Support security automation in CI/CD pipelines (SAST, DAST, SCA, API scanning).
Required Skills:-
- 2–3 years of hands-on experience in Application Security / VAPT.
- Strong understanding of OWASP Top 10 and OWASP API Security Top 10.
- Experience in Web, Mobile, and API security testing.
- Hands-on experience with tools such as Burp Suite, Postman, OWASP ZAP or similar.
- Good understanding of REST APIs and authentication mechanisms (OAuth, JWT, API keys).