Application Security Engineer

About ALLEN Digital: At ALLEN Digital, we spearhead a technology-driven approach to education, leveraging top-tier tech talent from leading technology firms. Through our strategic collaboration with Bodhi Tree Systems, a prominent venture capital firm known for building & scaling tech-first brands, we are revolutionizing education with a tech-first approach.We address two critical challenges in the current education landscape: the need for more emphasis on holistic learning and adopting a one-size-fits-all approach. We are leveraging AI to develop an innovative ed-tech platform to provide students with a compelling end-to-end learning experience. Our goal is to transform education by providing personalized learning experiences that transcend traditional classrooms by catering to individual learning needs and to drive significant improvements in learning outcomes.Staff Engineer - Application SecurityWe are seeking a highly experienced Staff Engineer in Application Security to join our team. The ideal candidate will play a critical role in ensuring our applications are secure and comply with the Indian Data Protection and Privacy (DPDP) laws. This position requires a deep understanding of application security principles, regulatory compliance, and hands-on technical expertiseKey ResponsibilitiesApplication Security ManagementDesign, implement, and maintain robust security measures for our applicationsConduct regular security assessments, penetration testing, and code reviewsDevelop and enforce security policies, standards, and best practicesCompliance and GovernanceEnsure all applications comply with Indian DPDP laws and other relevant regulationsMonitor and stay updated with changes in data protection laws and regulationsCollaborate with legal and compliance teams to address regulatory requirementsSecurity Architecture and EngineeringArchitect and design secure software solutions that adhere to industry standards and regulatory requirementsImplement secure coding practices and provide guidance to development teamsEvaluate and recommend security tools and technologies to enhance application securityIncident Response and Risk ManagementLead incident response activities related to application security breachesPerform risk assessments and manage security vulnerabilitiesDevelop and execute mitigation strategies to address identified risksLeadership and CollaborationProvide technical leadership and mentorship to junior security engineersProvide domain-specific expertise, overall security leadership and perspective to cross- organization projects, programs, and activitiesCollaborate with cross-functional teams including development, IT, and legal to ensure security and complianceRepresent the security team in meetings and discussions with senior managementRequired Qualification:Educatio n: Bachelor’s or Master’s degree in Computer Science, Information Security, or a related fieldExperienc e: At least 8+ years of experience in application security, with a focus on compliance with data protection laws such as the Indian DPDPTechnical SkillProficiency in secure coding practices, threat modeling, and security architectureStrong knowledge of security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify, Veracode)Experience with cloud security (AWS, Azure, GCP) and securing containerized environments (Docker, KubernetesFamiliarity with regulatory requirements and frameworks (ISO 27001, NIST, GDPR)Certification s: Relevant security certifications such as CISSP, CSSLP, CEH, or equivalent are highly desirablePreferred QualificationExperience in the fintech or healthcare industry, where data protection is criticalHands-on experience with security automation and DevSecOps practicesKnowledge of emerging technologies such as AI/ML in the context of security