Security Engineer

Role - Application Security Engineer

Experience - 4+Yrs

Location - Bangalore

Key Responsibilities

Internal VAPT & Security Testing

Execute internal VAPT on web applications, APIs, and React Native mobile applications, focusing on real-world attack paths.

Perform authenticated and authorization-focused testing, including BOLA/IDOR, broken access control, and session abuse.

Validate scanner results and provide reproducible evidence such as PoCs, request/response traces, and impact narratives.

DAST Program Support

Improve DAST scanning reliability and signal quality by managing scope definition, scan profiles, and false positives.

Produce verified, developer-actionable outputs for the monthly DAST cadence.

Maintain stable test credentials and safe scanning practices for Tier-0/Tier-1 applications in coordination with the DAST owner.

Secure SDLC & DevSecOps Enablement

Support security checks integrated into GitHub Actions, including secrets scanning and dependency hygiene.

Provide practical remediation guidance and secure coding recommendations for Node/React/Next and API services.

Develop reusable developer guidance, such as secure patterns and verification scripts, to reduce vulnerability recurrence.

Triage, Verification & Mobile Security

Triage findings from SAST, SCA, and DAST sources to ensure high-confidence issues

reach engineering.

Verify fixes and ensure closure quality for high-risk issues.

Perform mobile security testing, including API endpoint discovery, secure storage

assessments, and deep link validation.

External VAPT & Bug Bounty Support

Prepare scope, test accounts, and validation assistance for external VAPT execution.

Assist in retest verification for external findings.

Support bug bounty readiness through triage playbooks and severity assessment

guidance.

Qualifications & Experience

Education: Bachelor's degree in Computer Science, Cybersecurity, Information Security,or equivalent practical experience.

Experience: 35+ years in application security, product security, or penetration testing with strong hands-on skills.

Technical Testing: Demonstrated experience in web application and API security testing; mobile security experience is strongly preferred.

Tooling: Proficiency with at least two of the following: Accunetix, Burp Suite, OWASP ZAP, SonarQube (or other SAST tools), dependency scanning, or secrets scanning

tools.