Senior Application Security Engineer

Required Qualifications (Must-Haves):

• Experience: Graduate with 3+ years of hands-on experience in Application Security, Product Security, or a similar software security role.

• Technical Acumen:
• Strong ability to read, review, and reason about code in one or more modern programming languages used in our stack (e.g., Python, Go, Java, JavaScript/TypeScript).
• Deep understanding of common web, API and mobile application vulnerabilities (OWASP Top 10) and their mitigation.
• Hands-on experience with security tools like Burp Suite, Semgrep, Frida, Jadx, Ghidra or similar SAST/DAST/SCA solutions.
• Familiarity with cloud environments (AWS, GCP, or Azure) and their security principles.
• Knowledge of modern authentication and authorization protocols like JWT, OAuth, SAML and OpenID Connect.
• Familiarity with fundamental cryptographic principles.
• Exposure to AI/ML security risks, including testing AI agents, chatbots, and LLM-based applications (e.g., prompt injection, output handling, model abuse).
• Communication: Excellent written and verbal communication skills, with the ability to explain complex security concepts to both technical and non-technical audiences.
• Problem-Solving: Strong analytical and problem-solving skills with a pragmatic, risk-based approach to security.

Preferred Qualifications (Nice-to-Haves)

• Experience building security automation and integrating tools into CI/CD pipelines
• Familiarity with LLM security topics such as OWASP Top 10 for LLMs, agent security, RAG pipeline attacks, and jailbreak research.
• Proven experience running or contributing to a bug bounty program.
• Relevant security certifications are a plus (OSCP, OSWE, eWPT, eWPTX, GWAPT etc.).
• Track record of contributions to the security community (e.g., blogs, talks, open-source tools, CVEs).