Application Security Engineer

Dezerv is a house of investing solutions for high-net-worth and affluent Indians. Dezerv is co-founded by Sandeep Jethwani, Vaibhav Porwal, and Sahil Contractor. They have led successful wealth management businesses and managed over USD 7 billion in assets. The Dezerv team brings together decades of investing expertise from leading global financial institutions like JP Morgan, UBS, BNP Paribas, etc. Our team of experts monitors the performance of portfolios and rebalance them if required to ensure long-term success. We are backed by marquee firms like Premji Invest, Accel, Elevation, Matrix, etc. Since inception, our clients have trusted us with over 12000+ Crs of their assets.Why are we building Dezerv?Investing is stressful and emotional. Building & growing wealth is difficult and time-consuming. Most individuals struggle with managing their investments and money. Our goal is to help individuals grow their wealth without the stress, time, and costs involved in a traditional investment. At Dezerv, we are building a platform that leverages our decades of investment expertise to help individuals invest better for their future.What are we trying to solve/mission?We are passionate about helping Indians invest better. We manage investments with active oversight to help both sophisticated and new investors build long-term wealth across various market conditions.About the TeamWe are seeking a highly motivated and experienced Application Security Lead to join our dynamic team in Bangalore. In this critical role, you will be the champion for product security, taking a comprehensive and proactive approach to safeguarding our applications and infrastructure. You will be responsible for the security of our web and mobile platforms.Key Responsibilities:Product Security Ownership: Take end-to-end ownership of the security of our web and mobile applications, built with technologies like React and Flutter.Application Penetration Testing: Conduct regular and in-depth penetration testing of our web and mobile applications to identify and remediate vulnerabilities.Secure SDLC & DevSecOps: Champion and integrate security seamlessly into the entire DevOps deployment process. Design, implement, and manage a robust DevSecOps pipeline, automating security testing (SAST, DAST, IAST, SCA) to provide fast feedback to developers.Mobile Application Security: Implement and enforce security best practices for our Flutter and React-based mobile applications, including secure data storage, secure network communication, and code obfuscation.Threat Modeling: Conduct threat modeling exercises to identify potential security risks and design effective mitigation strategies.Security Champion & Advocate: Act as the go-to person for all application security matters. Mentor and train developers on secure coding practices and create a strong security-aware culture within the engineering team.Incident Response: Develop and maintain an incident response plan for application security incidents. Lead the response to any security breaches, conduct post-mortem analysis, and implement corrective actions.Vulnerability Management: Manage the lifecycle of identified vulnerabilities, from discovery to remediation, ensuring timely patching and reporting.Required Skills and Experience:Experience: 3-5 years of relevant experience in application security, with a proven track record in a fast-paced environment. Experience in regulated sectors (like finance or fintech) is highly welcome.Penetration Testing: Extensive hands-on experience in both manual and automated penetration testing of web and mobile applications.Application Architecture: Strong understanding of application architecture principles and the ability to identify security flaws at the design level.Cloud Security (AWS): In-depth knowledge of AWS security services and best practices. Hands-on experience with CSPM and CWPP tools is a must.DevSecOps: Proven experience in building and managing a DevSecOps pipeline, with a deep understanding of the DevOps deployment process and how to effectively embed security controls within CI/CD workflows.Mobile Security: Demonstrable experience in securing mobile applications, particularly those built with Flutter and React.Programming & Scripting: Proficiency in at least one scripting language (e.g., Python, Bash) for automation and a good understanding of the languages used in our stack (e.g., JavaScript, Dart).Security Tools: Hands-on experience with a variety of security tools for SAST, DAST, SCA, and infrastructure scanning.Certifications: Professional security certifications are preferred, in the following order: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM).Communication: Excellent communication and interpersonal skills, with the ability to articulate complex security concepts to both technical and non-technical audiences.Who You Are:You are passionate about security and technology.You are a proactive problem-solver with a "builder" mindset.You thrive in a collaborative, fast-paced startup environment.You are a strong advocate for security best practices.You are eager to learn and adapt to new technologies and challenges.Why Join Us?Be a part of a mission-driven company that is changing the landscape of wealth management in India.Work with a talented and passionate team in a collaborative environment.Opportunity to have a significant impact and take ownership of product security.Competitive salary and benefits package.