
Hcl Comnet

Senior Application Security Engineer

  • Posted 5 days ago

Job Description

Junior Application Security Consultant - AppScan Professional Services

Role Overview

We are seeking a Junior Application Security Consultant to support the deployment and operation of HCL AppScan solutions within a large banking environment. The consultant will work as part of the AppScan Professional Services team, supporting the customer's application security program by assisting with security scanning operations, vulnerability analysis, and DevSecOps integration activities.

This role involves long-term onsite engagement with the banking customer in Mumbai and close collaboration with application development teams, security teams, and DevSecOps engineers.

Key Responsibilities

Application Security Scanning

  • Execute Static Application Security Testing (SAST) scans using HCL AppScan.
  • Execute Dynamic Application Security Testing (DAST) scans against web applications.
  • Perform Software Composition Analysis (SCA) scans to identify vulnerable open-source components.
  • Monitor scheduled scans and troubleshoot scan execution issues.

Vulnerability Analysis & Reporting

  • Review and triage vulnerabilities identified during security scans.
  • Assist development teams in understanding reported vulnerabilities.
  • Generate and distribute vulnerability reports and remediation summaries.
  • Track remediation progress and validate fixes through rescan activities.

DevSecOps Integration Support

  • Assist with integrating AppScan scanning into CI/CD pipelines.
  • Support application teams with scan execution in build pipelines.
  • Help maintain scanning workflows within DevSecOps environments.

Customer Engagement

  • Act as a technical liaison between the customer and the AppScan Professional Services team.
  • Provide guidance to development teams on interpreting scan results.
  • Participate in regular status meetings with customer stakeholders.

Operational Support

  • Monitor AppScan platform usage and ensure scanning operations run smoothly.
  • Assist with onboarding new applications into the scanning program.
  • Document scanning procedures and maintain operational runbooks.

Required Qualifications

  • Bachelor's degree in Computer Science, Information Security, or related field.
  • 13 years of experience in application security, security testing, or DevSecOps.
  • Basic understanding of web application architecture and APIs.
  • Familiarity with OWASP Top 10 vulnerabilities.
  • Experience with web technologies (HTTP, REST APIs, JSON, XML).
  • Understanding of CI/CD pipelines and modern development workflows.
  • Strong analytical and problem-solving skills.

Preferred Skills

  • Experience with HCL AppScan, DAST, SAST, or similar tools (Checkmarx, Veracode, Fortify, etc.).
  • Knowledge of secure coding practices.
  • Familiarity with Java, .NET, or modern web frameworks.
  • Exposure to cloud environments or container platforms.
  • Experience working in financial services or regulated environments.

Key Competencies

  • Strong communication skills with both technical and non-technical stakeholders.
  • Ability to work independently in a customer-facing onsite role.
  • Attention to detail in vulnerability analysis and reporting.
  • Ability to manage multiple applications and scan schedules simultaneously.

Work Environment

  • Full-time onsite deployment at a banking customer location in Mumbai.
  • Collaboration with global AppScan Professional Services teams.
  • Exposure to enterprise-scale application security programs.

Job ID: 145122419