Senior Application Security Engineer

3 weeks ago


Bengaluru, Karnataka, India DigiCert Full time
Job Description

Who we are

We're a leading, global security authority that's disrupting our own category. Our encryption is trusted by the major ecommerce brands, the world's largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to the little things like surgically embedded pacemakers. We help companies put trust - an abstract idea - to work. That's digital trust for the real world.

Job summary

As a Senior Application Security Engineer specializing in application security and DevSecOps within our cybersecurity team, you will play a crucial role in safeguarding our company's web applications by integrating security practices into the Software Development Life Cycle (SDLC). You will be responsible for the proactive identification, assessment, and mitigation of security vulnerabilities, developing and driving the adoption of DevSecOps practices, and ensuring that security is embedded in all phases of software development.

What you will do

- Lead the integration of security measures into the SDLC, ensuring that all aspects of web application development are secure by design.
- Conduct thorough security assessments and penetration testing for web applications to identify vulnerabilities and security gaps.
- Play an advisory role with software engineering teams in the architectural design of new applications, emphasizing secure architectural patterns and best practices.
- Perform and coordinate manual and automated code reviews.
- Lead threat modeling exercises across engineering teams.
- Collaborate with software development teams to implement DevSecOps practices, providing guidance on secure coding, automated security testing, and continuous monitoring.
- Contribute to internal security tooling development or integration.
- Develop and maintain a secure framework for code deployment, automating security processes where possible to streamline the development workflow.
- Work cross-functionally with various teams, including IT, engineering, operations, and business units, to communicate security policies and procedures effectively.
- Establish and maintain strong relationships with stakeholders, presenting complex security concepts in an accessible manner.
- Stay abreast of the latest security threats, trends, and technologies in web application security and incorporate this knowledge into company practices.
- Assist in the development and enforcement of security policies and procedures, ensuring compliance with industry standards and regulations.
- Assist with managing the bug bounty program.
- Develop program documentation to promote operational stability and scalability.
- Support Leadership in defining and executing the roadmap for DevSecOps maturity and secure SDLC initiatives.
- Support governance and compliance teams on secure engineering practices for aligning security policies related to SDLC.
- Drive and support remediation efforts for identified security issues.
- Foster and promote a security-forward culture.
- Mentor junior team members.
- Other duties and responsibilities, as assigned.

What you will have

- Minimum of 5 years of experience in cybersecurity, with a focus on web application security and secure SDLC.
- Proficiency with programming/scripting languages such as JavaScript, Python, Java, Bash, PowerShell.
- Experience in penetration testing.
- Bachelor's or master's degree in computer science, cybersecurity, or a related field.
- Proven track record of working with DevSecOps tools (such as SAST/DAST/SCA) and methodologies.
- Strong understanding of security protocols, cryptography, authentication, authorization, and security vulnerabilities.
- Excellent communication skills with the ability to engage technical and non-technical stakeholders.
- Strong analytical and problem-solving abilities, with a meticulous attention to detail.
- Advanced level of knowledge of Information Security design concepts and principles.

Nice to have

- Master's degree in a technical discipline
- Professional security certifications such as CISSP, OSCP, CEH, or equivalent are highly desirable.
- Experience working in highly regulated environments.
- Advanced level of knowledge of IT frameworks and standards (NIST, OWASP Top Ten, COBIT, ITIL, ISO, PCI-PIN, GDPR, WebTrust, FedRAMP)
- Certified Information Systems Auditor (CISA)
- AWS Solutions Architect

Benefits

- Generous time off policies
- Top shelf benefits
- Education, wellness and lifestyle support
