Application Security Engineer

About ALLEN Digital:At ALLEN Digital, we spearhead a technology-driven approach to education, leveraging top-tier tech talent from leading technology firms. Through our strategic collaboration with Bodhi Tree Systems, a prominent venture capital firm known for building & scaling tech-first brands, we are revolutionizing education with a tech-first approach.We address two critical challenges in the current education landscape: the need for more emphasis on holistic learning and adopting a one-size-fits-all approach. We are leveraging AI to develop an innovative ed-tech platform to provide students with a compelling end-to-end learning experience. Our goal is to transform education by providing personalized learning experiences that transcend traditional classrooms by catering to individual learning needs and to drive significant improvements in learning outcomes.Staff Engineer - Application SecurityWe are seeking a highly experienced Staff Engineer in Application Security to join our team. The ideal candidate will play a critical role in ensuring our applications are secure and comply with the Indian Data Protection and Privacy (DPDP) laws. This position requires a deep understanding of application security principles, regulatory compliance, and hands-on technical expertiseKey ResponsibilitiesApplication Security Management- Design, implement, and maintain robust security measures for our applications- Conduct regular security assessments, penetration testing, and code reviews- Develop and enforce security policies, standards, and best practicesCompliance and Governance- Ensure all applications comply with Indian DPDP laws and other relevant regulations- Monitor and stay updated with changes in data protection laws and regulations- Collaborate with legal and compliance teams to address regulatory requirementsSecurity Architecture and Engineering- Architect and design secure software solutions that adhere to industry standards and regulatory requirements- Implement secure coding practices and provide guidance to development teams- Evaluate and recommend security tools and technologies to enhance application securityIncident Response and Risk Management- Lead incident response activities related to application security breaches- Perform risk assessments and manage security vulnerabilities- Develop and execute mitigation strategies to address identified risksLeadership and Collaboration- Provide technical leadership and mentorship to junior security engineers- Provide domain-specific expertise, overall security leadership and perspective to cross- organization projects, programs, and activities- Collaborate with cross-functional teams including development, IT, and legal to ensure security and compliance- Represent the security team in meetings and discussions with senior managementRequired Qualification:- Education: Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field- Experience: At least 8+ years of experience in application security, with a focus on compliance with data protection laws such as the Indian DPDPTechnical Skill- Proficiency in secure coding practices, threat modeling, and security architecture- Strong knowledge of security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify, Veracode)- Experience with cloud security (AWS, Azure, GCP) and securing containerized environments (Docker, Kubernetes- Familiarity with regulatory requirements and frameworks (ISO 27001, NIST, GDPR)- Certifications: Relevant security certifications such as CISSP, CSSLP, CEH, or equivalent are highly desirablePreferred Qualification- Experience in the fintech or healthcare industry, where data protection is critical- Hands-on experience with security automation and DevSecOps practices- Knowledge of emerging technologies such as AI/ML in the context of security