Equiti Group

Senior Application Security Engineer

  • Posted 17 hours ago

Job Description

Equiti is a pioneering fintech firm and world-class provider of multi-asset fintech products - from liquidity solutions to in-house tech hubs to online trading platforms. With over 400 global specialists in 9 languages, Equiti provides clients with access to individual, professional, and institutional brokerage services in Europe, the Middle East, and Africa.

At Equiti, we believe that financial opportunities can unlock potential for everyone, everywhere. We're on a mission to deliver accessible online trading products around the world through education and accessibility.

Think finance is stuffy? Think again.

We see Equiti as a new breed of broker, and we are on the lookout for talented individuals who can perform and excel in a dynamic and innovative working environment. Our Information Security department would like to welcome a detail-oriented Senior Application Security Engineer in our office in Bangalore.

The Senior Application Security Engineer is responsible for identifying, assessing, and remediating security vulnerabilities across the organization's application portfolio. This role combines hands-on penetration testing, static and software composition analysis, vulnerability management automation, and governance of security debt. The engineer works closely with development, infrastructure, and GRC teams to embed security into the software development lifecycle and maintain a strong security posture.

Key Responsibilities

  • Conduct manual and automated application security assessments, including web application penetration testing, API security testing, and mobile application reviews
  • Perform in-depth security testing using Burp Suite Professional (including extensions, active/passive scanning, and manual exploitation techniques)
  • Manage and operate Semgrep as the primary SAST and SCA tool, including rule tuning, custom rule development, and CI/CD pipeline integration
  • Triage vulnerabilities identified through SAST, SCA, and DAST tools; validate findings, assess risk, and communicate remediation guidance to development teams
  • Support the Vulnerability Management (VM) program by developing automation around Qualys for internal and external vulnerability scanning and asset discovery
  • Leverage Shodan for external attack surface monitoring and reconnaissance to identify exposed assets and misconfigurations
  • Drive the governance process for vulnerability remediation, ensuring alignment with the Digital Ocean Security Debt framework, including tracking, prioritization, and escalation of security debt items
  • Collaborate with engineering teams to provide secure coding guidance and support remediation efforts throughout the SDLC
  • Produce clear, actionable security assessment reports with risk ratings, evidence, and remediation recommendations
  • Conduct infrastructure penetration testing leveraging offensive security skills to assess internal and external network environments, Active Directory, and cloud infrastructure
  • Support the establishment and management of the organization's bug bounty program, including platform configuration, submission triage, researcher engagement, and coordination of remediation with development teams
  • Stay current with emerging threats, vulnerabilities, and attack techniques relevant to web applications and cloud-native environments

Experience Requirements

  • 5+ years of experience in application security, penetration testing, or security engineering
  • Demonstrated expertise with Burp Suite Professional for web application security testing
  • Hands-on experience with SAST/SCA tools, including triage workflows and remediation advisory
  • Experience with vulnerability management platforms and external reconnaissance tools
  • Strong understanding of OWASP Top 10, CWE, and CVSS scoring methodologies
  • Familiarity with governance frameworks for security debt management
  • Preferred certifications: OSCP, OSWE, GWAPT, BSCP (Burp Suite Certified Practitioner) or equivalent
  • Offensive security experience in infrastructure penetration testing (network, Active Directory, cloud) is highly desirable
  • Experience with bug bounty programs (e.g., HackerOne, Bugcrowd), either as a researcher or program manager, is a strong plus to support emerging organizational initiatives

Perks

Each of our offices has its special perks; be it no ties, free lunches, charity events, or a hybrid work policy – but whenever you walk into an Equiti office, you're sure to see a friendly face. We encourage international collaborations and always keep our eyes open to how we can do more.

The benefits you can expect at your Equiti workplace include:

  • Competitive salary package
  • Performance-based bonus
  • Medical insurance coverage for employees and family members
  • Smart working options
  • Employee wellness initiatives
  • Personalized career development
  • Company lunch in the office
  • Regular company events

With energy, drive, and imagination, there's no limit to where your career can go at Equiti. With a diverse workforce and geographical spread of offices, we strongly support career development initiatives as well as provide a range of opportunities for professional and life experiences.

Equiti is an equal opportunity employer.

Equiti refers to a group of companies consisting of seven regulated financial services companies licensed to operate in the respective jurisdictions of their incorporation, in addition to our tech and marketing hubs. Equiti has a presence in Africa, Europe, and the Middle East.


Job ID: 146690971
