Application Security Engineer

Key Skills: SAS, DAS, OWASP

Roles and Responsibilities:

• Conduct vulnerability assessments, penetration testing, and source code reviews.
• Automate technical tasks in CI/CD through the use of APIs or tools.
• Perform application source code security reviews for APIs, middleware, and frontends in Java, Python, Node.js, etc.
• Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms including Web, iOS, Android, and cloud platforms.
• Perform SAST & DAST and enhance the software development lifecycle (SDLC).
• Develop solution architecture and blueprints based on business technology and security objectives.
• Research and maintain secure coding guidelines.
• Conduct Security Architecture and Low-Level Application Security Design reviews focusing on Data Protection, Authentication and Authorizations, Web Application Security, and Network Security.
• Collaborate with product teams to build secure products and achieve cybersecurity objectives.
• Maintain an active understanding of industry practices for secure software development and incident response.
• Demonstrate a willingness to unlearn and relearn cybersecurity practices in a Cloud Native- DevOps Only environment.

Skills Required:

• Strong hands-on experience with DAS (Dynamic Application Security) and SAS (Static Application Security) tools
• Familiarity with OWASP Top 10, secure coding principles, and web application security
• Experience in penetration testing, source code review, and DevSecOps automation
• Expertise in performing SAST/DAST, and securing APIs, frontends, and middleware
• Knowledge of Java, Python, Node.js security vulnerabilities and remediation
• Familiarity with CI/CD security automation, cloud-native security practices, and incident response frameworks

Education: B.E., B.Tech, M.Tech (Dual), M.Tech, M.E.