<p><p><b>Role Summary : </b><br/><br/></p><p>We are looking for an experienced and technically skilled <b>Application Security Engineer</b> to strengthen our cybersecurity posture.
The ideal candidate should possess a solid understanding of application-level vulnerabilities, secure code practices, and vulnerability management tools.
</p><p><br/></p><p>You will be responsible for conducting in-depth assessments, secure code reviews, and supporting development teams to remediate findings in alignment with security standards.</p><br/><p><b>Key Responsibilities : </b><br/><br/></p><p>- Safeguard the Confidentiality, Integrity, and Availability of the organization's application ecosystem.<br/><br/></p><p>- Perform Vulnerability Assessment and Penetration Testing (VAPT) for Web, Mobile, and API components using both open-source and commercial tools.<br/><br/></p><p>- Conduct secure code reviews to identify critical flaws and provide remediation guidance to development teams.<br/><br/></p><p>- Lead manual penetration testing and demonstrate proof-of-concept exploits.<br/><br/></p><p>- Guide developers and QA teams in interpreting security findings and applying fixes aligned with secure SDLC practices.<br/><br/></p><p>- Collaborate with DevOps teams to integrate security into CI/CD pipelines.<br/><br/></p><p>- Maintain compliance with PCI DSS and other regulatory/security standards.<br/><br/></p><p>- Drive continuous improvements in security test plans, test cases, and internal security frameworks.</p><br/><p><b>Technical Skills Required : </b><br/><br/></p><p>- 3+ years of hands-on experience in Application Security.<br/><br/></p><p>- Proficient in VAPT (Static & Dynamic Analysis) for Web, API, and Mobile applications.<br/><br/></p><p>- Strong experience with secure code review tools like Fortify, Coverity, Checkmarx.<br/><br/></p><p>- Familiarity with DevSecOps and CI/CD pipeline security integration.<br/><br/></p><p>- Hands-on with tools like Burp Suite, Nessus, Postman, SoapUI, Metasploit.<br/><br/></p><p>- Understanding of WAFs, API gateways, and secure protocol practices.<br/><br/></p><p>- Development/scripting knowledge in Java, JavaScript, AngularJS, or Python.<br/><br/></p><p>- Experience using JIRA for issue tracking and defect Preferred : </b>OSCP, OSWE, CEH, GWEB or similar security Skills : </b><br/><br/></p><p>- Strong communication and documentation skills.<br/><br/></p><p>- Ability to work independently and collaboratively.<br/><br/></p><p>- Must be proactive, with an ownership mindset and attention to : </b>Andheri (W), Mumbai, Note : </b></p><p><br/></p>- Candidates currently residing in Mumbai should apply.<br/><br/></p><p>- Candidates who are Immediate Joiners or have 30 Days' Notice Period will be considered.</p><br/></p> (ref:hirist.tech)