Senior Application Security Specialist

4 weeks ago


Bengaluru, Karnataka, India [24]7 Full time

Role: Senior Security Specialist

Location: Bangalore

Working Model: Hybrid

Final Round Interview: F2F

Summary of essential job functions

The overall responsibility of the team is to provide assurance to the management on the Information Security, Compliance and Risk Management of the organization globally. The candidate would be expected to lead security assessments of Products and Infrastructure globally.

Education, Certification and Experience:

  • Qualification Required: Bachelor/Master's degree in Computer/Information Science, Software Engineering, Cybersecurity, or a related field

  • Certification preferred: OSCP, OSWE, OSEP, ECSA|LPT, CPT, CEH
  • Minimum experience: 08-10 years in Vulnerability Assessment and Penetration Testing - Thin & Thick Client, API, Infrastructure, Cloud, Mobile

Competency Requirements:

Performs a combination of duties in accordance with departmental guidelines:

  • Hands-on experience in Vulnerability Assessment (VA) and Penetration Testing (PT) for Web, APIs, AI/ML models, Mobile, Network, and Infrastructure.
  • Strong command of OWASP Top 10 with practical knowledge of attack vectors and mitigation strategies.
  • Familiarity with industry standards and frameworks such as OSSTMM, OWASP, CESG, CREST, NIST, ISSAF, and PTES.
  • Expertise in Secure Development Lifecycle (SDLC), including Threat Modeling, Secure Coding Practices, and Security Assessments.
  • Proficient in both Static and Dynamic Application Security Testing (SAST, DAST, IAST), and Software Composition Analysis (SCA).

  • Experience conducting secure code reviews and identifying logic flaws in code bases written in Java, .NET, C/C++, Python, etc.
  • Knowledge of cryptographic protocols, secure communication, data security and key management.
  • Hands-on with commercial and open-source tools: Burp Suite, OWASP ZAP, Acunetix, AppSpider, SQLMap, Nmap, Metasploit, Nessus, OpenVAS, Fortify, Checkmarx, Veracode, SonarQube, NexusIQ and Snyk.
  • Proficient in assessing mobile applications (thick/hybrid clients) using tools like Dex2jar, ADB, Frida.
  • Exposure to AuthN/AuthZ protocols such as OAuth, SAML, OIDC; ability to read, write, and interpret application logic.
  • Familiarity with vulnerability standards: CVSS, CVE, CWE, CAPEC; and patch management lifecycle.
  • Experience automating tasks via shell scripting and Python/Ruby/PHP etc.
  • Proficiency in secure code development and reviewing DAST/SAST reports across languages.
  • Understanding security aspects in AWS, Azure, and GCP including IAM, VPC/VNet, S3/Blob storage, API gateway, Load Balancers, WAF, Containers (Docker), and Kubernetes.
  • Experience in infrastructure/network penetration testing and exploitation techniques on Windows/Linux environments.
  • Experience in mentoring, leading teams, and managing security assessments under tight deadlines.
  • Manage third-party security assessments, including vendor risk evaluations, engagement oversight, and ensuring compliance with organizational security standards.
  • Proven ability to provide technical oversight and drive engagement quality across security projects.
  • Exposure to agile/scrum development methodologies and ability to work with cross-functional teams.
  • Familiarity with security standards like PCI DSS, SOC, ISO 27001.
  • Participation in bug bounty program and CTFs is a strong plus.
  • Proactive learning approach, staying updated with evolving cybersecurity trends and technologies.

Job Responsibilities:

  • Plan, conduct, and close end-to-end Vulnerability Assessments and Penetration Tests for Web Applications, APIs, Mobile Apps, Thick Clients, Infrastructure, and Cloud environments.
  • Perform both manual and automated security assessments to identify, validate, and prioritize vulnerabilities.
  • Review application code in various programming languages and provide actionable remediation recommendations.
  • Reproduce reported vulnerabilities with proof-of-concept (PoC) and assess associated risks.
  • Evaluate new security tools and products for adoption and integration.
  • Guide development teams on Secure Coding standards and OWASP-aligned practices.
  • Lead and contribute to secure SDLC processes, threat modeling workshops, and risk reviews.
  • Manage and triage security bugs from Bug Bounty programs, working closely with engineering teams to ensure timely resolution.
  • Maintain and improve the security posture of applications across business units, aligning with best practices.
  • Act as a security advisor on project teams, influencing architecture and design decisions.
  • Drive security awareness initiatives and conduct training sessions for developers and QA teams.
  • Update and maintain InfoSec policies and procedures in line with emerging threats, technologies, and compliance requirements; provide support to both internal and external auditors during security assessments and audits.

Other Requirements:

  • Strong ethics and understanding of ethics in business and information security.
  • Proficiency in English (both written and oral communication skills).
  • Ability to complete tasks and deliver professionally written reports for clients.
  • Ability to present findings to technical staff and executives.
  • Ability to interact with 247 internal stakeholders to review their requirements.
  • Should be able to think "out of the box" and implement new attack vectors.
  • Self-motivated, curious, knowledgeable pertaining to news and current events.

