Application Security Engineer

Job Description About Us We are a leading global financial technology company transforming how the securities finance industry trades, settles, and analyzes data. Our award-winning Trading, Post-Trade, Data & Analytics, RegTech, and SaaS solutions power efficiency, transparency, and innovation for over 200 of the world's top financial institutions. Every month, our platform supports over $2.4 trillion in executed transactions, a testament to our technology's impact and reliability. With offices across North America, UK&I, and APAC, we bring together diverse teams of technologists, data experts, and business professionals who thrive on solving complex challenges at scale. We are Great Place to Work Certified in the US, UK, Ireland, and India and have been recognized for Diversity & Inclusion excellence as well as for being the Best Post-Trade Service Provider and Best Market Data Provider Globally (Securities Finance Times Industry Excellence Awards, 2023). Founded in 2001 by ten of the world's leading financial institutions, we continue to shape the future of securities finance under the majority ownership of Welsh, Carson, Anderson & Stowe (WCAS) alongside founding shareholders and customers including Bank of America, Bank of New York, BlackRock, Goldman Sachs, Morgan Stanley, National Bank of Canada, State Street, UBS and Wells Fargo. Join us and be part of a company where global impact, innovation, and collaboration define how we work and what we build. About The Role We are looking for an Application Security Engineer to join us in our Bangalore office. In this role, you will directly strengthen the security posture of our global product suite by operating core AppSec platforms, validating vulnerabilities, and embedding security throughout the Software Development Lifecycle (SDLC). You will work closely with Development, DevOps, QA, and Cloud Security teams to ensure our applications are designed, built, and deployed securely. A key part of the role involves hands-on SAST/SCA/DAST operations, manual vulnerability validation, remediation guidance, and driving secure coding practices across engineering teams. This is an excellent opportunity to have meaningful impact in a technology-driven financial organisation, contributing directly to EquiLend's Attack Surface Management (ASM) initiatives. What You'll Do - Operate and manage Black Duck for Static Application Security Testing (SAST) and Software Composition Analysis (SCA), including triage, validation, reporting, and developer remediation support. - Configure and execute Rapid7 InsightAppSec Dynamic Application Security Testing (DAST) scans; manually validate findings, reduce false positives, and support teams through remediation. - Integrate SAST, SCA, and DAST tooling into CI/CD pipelines (GitHub, Jenkins, Terraform, Kubernetes) to enable continuous and automated security testing. - Perform secure code reviews, contribute to secure coding guidelines, and support application security standards. - Conduct targeted penetration testing and manual validation of vulnerabilities identified by automated scanning tools. - Contribute to EquiLend's Attack Surface Management (ASM) programme by identifying exposed assets and helping reduce application-layer risk. - Partner with DevOps and Infrastructure teams to ensure secure configuration baselines and timely remediation of vulnerabilities. - Track and report key AppSec metrics, including vulnerability trends, SLAs, and programme effectiveness. - Deliver security awareness sessions and provide hands-on guidance to developers, with a focus on common vulnerabilities (e.g. OWASP Top 10 and CWE Top 25). What We're Looking For - 3-5 years of hands-on Application Security experience with responsibility for vulnerability triage, manual validation, and supporting remediation within engineering teams. - Direct experience with Black Duck and Rapid7 InsightAppSec, or equivalent proven experience with enterprise-grade SAST/SCA/DAST tools. - Strong background in secure SDLC practices, including source code review, threat modelling, and integrating security tooling into DevSecOps workflows. - Solid understanding of web and cloud application architectures (Java, .NET, Python, REST APIs, microservices). - Knowledge of AWS security fundamentals, IAM concepts, and container security is beneficial. - Demonstrated ability to validate complex vulnerabilities (e.g. IDOR, auth bypass, SSRF, deserialisation, API flaws) beyond automated scanner output. - Familiarity with ASM concepts and vulnerability management workflows in enterprise environments. - Excellent communication and collaboration skills with the ability to influence developers and drive secure coding practices. - Bachelor's degree in Computer Science, Information Security, or a related field. - Certifications such as OSWE, GWAPT, GCSA, or equivalent are advantageous. Benefits - Variable Pay: Annual performance related variable pay award on top of your fixed CTC to reward your performance and contributions to the company's success. - Hybrid Working: Our hybrid work policy requires all employees to work from the office approximately 3 days per week (50 work from home days per 6 months annually). - Generous Vacation Days Per Year: Take advantage of paid vacation days annually, plus public bank holidays. - Family Health Insurance Coverage: Comprehensive health insurance coverage for you and your dependents available from your first day. - Personal Accidental Injury Insurance: Feel secure with personal accidental injury insurance provided from the start of your employment. - Annual Team Building Retreat: Participate in an annual team-building retreat at a new and exciting location each year - Relocation Assistance: If you're relocating from more than 40 miles away, we provide hotel accommodation and travel ticket reimbursement to help ensure a smooth transition. Diversity & Inclusion At EquiLend, we are committed to fostering an inclusive and diverse workplace where everyone is respected and valued. We believe that a variety of perspectives drives innovation and strengthens our success. If you require any reasonable accommodations during the interview process, please let us know - we're here to support you.