
Role - Application Security Engineer
Experience - 4-7 yrs
Location - Bangalore
Qualifications & Experience
● Education: Bachelor's degree in Computer Science, Cybersecurity, Information Security, or equivalent practical experience.
● Experience: 3–5+ years in application security, product security, or penetration testing with strong hands-on skills.
● Technical Testing: Demonstrated experience in web application and API security testing; mobile security experience is strongly preferred.
● Tooling: Proficiency with at least two of the following: Acunetix, Burp Suite, OWASP ZAP, SonarQube (or other SAST tools), dependency scanning, or secrets scanning tools.
Technical Knowledge & Skills
● Deep understanding of OWASP Top 10 and API security risks (BOLA/IDOR, mass assignment, rate-limit abuse).
● Strong grasp of authentication and authorization models, including JWT, OIDC, and session handling.
● Working knowledge of DevSecOps practices and embedding security testing into CI workflows (GitHub Actions).
● Ability to build reproducible proofs and utilize scripting (Python/Node) for light automation.
● Familiarity with Cloudflare WAF/API Shield and API gateway architectures (Kong/AWS API Gateway) is a plus.
Job ID: 148483413
Skills:
DevSecOps, Application Security, PowerShell, Bash, Coverity, Python, Azure Cloud Security, Polaris, Wiz, BlackDuck, Jfrog Xray
Skills:
DAST, Config, Bash, Burp Suite, Kms, Iam, Waf, Kubernetes, Python, AWS, OPA, Gatekeeper, Aqua, Go, Security Hub, Kyverno, ZAP, SAST, Falco, GuardDuty, Prisma
Skills:
barracuda, DAST, Cyber Security, Fortify, Penetration Testing, Jenkins, Burp Suite, Gcp, Sonarqube, Owasp Top 10, Appscan, Azure, AWS, Offensive Security, akamai, Snyk, SANS 25, GitHub Actions, OWASP ZAP, SAST, Black Duck, Checkmarx
Skills:
threat modeling, Oauth2, Node.js, Jwt, Django, React, Burp Suite, Gcp, Docker, Sonarqube, Owasp Top 10, FastAPI, Azure, Kubernetes, AWS, SANS CWE Top 25, Zap, Trivy, Semgrep, OIDC
Skills:
Oauth, Java, Saml, Jwt, Typescript, Burp Suite, Gcp, Javascript, Azure, Python, AWS, OpenID Connect, Go, Jadx, Frida, Semgrep, Ghidra