Application Security Engineer

About Us

We are a leading global financial technology company transforming how the securities finance industry trades, settles, and analyzes data. Our award-winning Trading, Post-Trade, Data & Analytics, RegTech, and SaaS solutions power efficiency, transparency, and innovation for over 200 of the world's top financial institutions. Every month, our platform supports over $2.4 trillion in executed transactions, a testament to our technology's impact and reliability.

With offices across North America, UK&I, and APAC, we bring together diverse teams of technologists, data experts, and business professionals who thrive on solving complex challenges at scale. We are Great Place to Work Certified in the US, UK, Ireland, and India and have been recognized for Diversity & Inclusion excellence as well as for being the Best Post-Trade Service Provider and Best Market Data Provider Globally (Securities Finance Times Industry Excellence Awards,

Founded in 2001 by ten of the world's leading financial institutions, we continue to shape the future of securities finance under the majority ownership of Welsh, Carson, Anderson & Stowe (WCAS) alongside founding shareholders and customers including Bank of America, Bank of New York, BlackRock, Goldman Sachs, Morgan Stanley, National Bank of Canada, State Street, UBS and Wells Fargo.

Join us and be part of a company where global impact, innovation, and collaboration define how we work and what we build.

About the role

We are looking for an Application Security Engineer to join us in our Bangalore office. In this role, you will help strengthen our security posture across our entire product suite.

You will be part of a collaborative and growing security team, ensuring our applications are designed, built, and deployed securely from the ground up. Working closely with our Development, DevOps, QA, and Cloud Security teams, you will embed security into every phase of our Software Development Lifecycle (SDLC) and contribute directly to EquiLend's Attack Surface Management (ASM) initiatives.

This is an excellent opportunity to have a meaningful impact in a global technology-driven financial organization.

What you'll do

• Operate and manage our BlackDuck platforms for Static Application Security Testing (SAST) and Software Composition Analysis (SCA) to assess code quality and open-source component risks.
• Configure and execute Rapid7 InsightAppSec Dynamic Application Security Testing (DAST) scans; validate findings, prioritize risks, and support remediation with development teams.
• Integrate security tools into CI/CD pipelines (GitHub, Jenkins, Terraform, Kubernetes) to enable continuous and automated security testing.
• Support the creation and maintenance of secure coding guidelines, threat models, and application security standards.
• Conduct targeted penetration testing and manual validation of vulnerabilities identified by automated tools.
• Contribute to our Attack Surface Management program by identifying and reducing exposed assets and risks.
• Collaborate with DevOps and Infrastructure teams to ensure secure configuration baselines and timely remediation of identified vulnerabilities.
• Track and report application security metrics, including vulnerability trends and remediation timelines.
• Deliver security awareness sessions and hands-on guidance to developers, focusing on common vulnerabilities such as those in the OWASP Top 10.

What we're looking for

• 3-5 years of experience in application security, vulnerability management, or a related discipline.
• Hands-on experience with SAST, SCA, and DAST tools such as BlackDuck, Rapid7 InsightAppSec, SonarQube, Veracode, or Burp Suite.
• Strong understanding of web and cloud application architectures, including Java, .NET, Python, REST APIs, microservices, Kubernetes, and AWS.
• Familiarity with secure SDLC practices and integration of security within DevSecOps workflows.
• Sound knowledge of OWASP Top 10, CWE/SANS Top 25, and common application security flaws.
• Strong communication and collaboration skills, with the ability to influence secure development practices across teams.
• Experience with penetration testing or ASM platforms is beneficial.
• Cloud security knowledge (AWS security services, IAM, container security) is a plus.
• Certifications such as OSWE, GWAPT, GCSA, or equivalent are desirable.
• Bachelor's degree in Computer Science, Information Security, or a related field.

Benefits

• Variable Pay: Annual performance related variable pay award on top of your fixed CTC to reward your performance and contributions to the company's success.
• Hybrid Working: Our hybrid work policy requires all employees to work from the office approximately 3 days per week (50 work from home days per 6 months annually).
• Generous Vacation Days Per Year: Take advantage of paid vacation days annually, plus public bank holidays.
• Family Health Insurance Coverage: Comprehensive health insurance coverage for you and your dependents available from your first day.
• Personal Accidental Injury Insurance: Feel secure with personal accidental injury insurance provided from the start of your employment.
• Annual Team Building Retreat: Participate in an annual team-building retreat at a new and exciting location each year
• Relocation Assistance: If you're relocating from more than 40 miles away, we provide hotel accommodation and travel ticket reimbursement to help ensure a smooth transition.

Diversity & Inclusion

At EquiLend, we are committed to fostering an inclusive and diverse workplace where everyone is respected and valued. We believe that a variety of perspectives drives innovation and strengthens our success. If you require any reasonable accommodations during the interview process, please let us know - we're here to support you.