Description

Key Skills: OWASP, SAST, DAST

Roles and Responsibilities:

  • Conduct vulnerability assessments, penetration testing, and source code reviews.
  • Automate technical tasks in CI/CD through the use of APIs or tools.
  • Perform application source code security reviews for APIs, middleware, and frontends in Java, Python, Node.js, etc.
  • Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms including Web, iOS, Android, and cloud platforms.
  • Perform SAST & DAST and improve the Software Development Life Cycle (SDLC).
  • Develop solution architecture and blueprints based on business technology and security objectives.
  • Research and maintain secure coding guidelines.
  • Conduct Security Architecture and Low-Level Application Security Design reviews involving Data Protection, Authentication and Authorization, Web Application Security, and Network Security.
  • Collaborate with product teams to achieve cybersecurity objectives.
  • Maintain an active understanding of industry practices for secure software development and incident response.
  • Standardize and maximize automation in the CI/CD pipeline.
  • Utilize application security testing tools such as Burp Suite, OWASP ZAP, SQLMap, and Kali.
  • Engage in bug bounties and responsible disclosure awards.

Skills Required:

  • Proficiency in OWASP security standards and vulnerability mitigation
  • Experience with DAST (Dynamic Application Security Testing) and SAST (Static Application Security Testing)
  • Knowledge of secure coding practices across languages like Java, Python, Node.js
  • Familiarity with application security tools: Burp Suite, OWASP ZAP, SQLMap, Kali
  • Ability to perform penetration testing, source code reviews, and security design assessments
  • Understanding of CI/CD security integration and automation

Education: B.E., B.Tech, B.Tech M.Tech (Dual), M.Tech, M.E

Education

Any Graduate