Associate II, Information Security Engineer

We are seeking an experienced Information Security Engineer with a strong background in secure software development practices, application security testing, vulnerability management and Information Security Compliances. The ideal candidate will be responsible for ensuring that security is integrated across the software development lifecycle (SDLC) and will actively collaborate with development, DevOps, and product teams to mitigate application-level risks.

Responsibilities:

Application Security

• Perform comprehensive application security assessments, including Static Application Security Testing (SAST) Pen testing, Dynamic Application Security Testing (DAST), and API security testing across enterprise applications.
• Review and analyse source code to identify and remediate security vulnerabilities.
• Collaborate with development teams to integrate security best practices in the SDLC and provide secure coding guidance.
• Lead and support remediation efforts by providing actionable recommendations and retesting fixes.
• Conduct manual and automated web application and API penetration tests to uncover business logic and security flaws.
• Develop and maintain security testing checklists, processes, and internal documentation.
• Track and report vulnerabilities, ensuring timely closure in collaboration with development and product owners.
• Participate in threat modelling sessions and help teams prioritize risks based on severity and business impact.
• Stay current with emerging threats, vulnerabilities, attack vectors, and security technologies to proactively improve application security posture.

Information Security Compliance:

• Ensure compliance with relevant security standards and regulations, including ISO 27001, NIST Standard, risk management
• Develop and maintain security documentation and procedures.
• Assist with external security audits and assessments.
• Stay up to date on the latest security threats and vulnerabilities.

Other Duties:

• Provide security consulting and support to other teams.
• Evaluate and recommend new security technologies and solutions.
• Participate in security awareness training and initiatives.
• Understanding of Technology & Security Risk Management and Vendor Risk Management Framework

Technical Skills and Capabilities (Primary – Must Have):

• 4-5 years' experience working in IT Security in multiple capacities.
• Hands-on experience with application security tools such as Burp Suite, IBM AppScan, Acunetix, HP WebInspect, NTOSpider, Postman, and others.
• Strong expertise in manual and automated web application security testing and a deep understanding of OWASP Top 10 and business logic vulnerabilities.
• Solid experience testing RESTful and SOAP APIs, analyzing request/response flows, and validating secure implementation.
• Strong knowledge of secure coding principles, common attack vectors (OWASP, SANS Top 25, WASC), and mitigation techniques.
• Familiarity with CI/CD pipelines and integrating security testing into DevOps workflows (preferred).
• Proficiency in both Black Box and White Box testing methodologies.

Certifications (Preferred):

• Certified Ethical Hacker (CEH), OSCP, eWPT, or equivalent security certifications are preferred.
• Certification like ISO 27001, CISA, CRISC, CISM, CISSP etc. would be an added advantage.

Competencies:

• The ability to multitask, act under pressure and quickly identify and deal with priority matters under tight deadlines. Attention to detail is essential.
• The ability to handle multiple inquiries at any one time, often under considerable deadline pressure.

Desired Skills:

• Strong analytical and problem-solving skills with the ability to prioritize and manage multiple tasks.
• Excellent communication skills – capable of articulating technical issues and recommendations clearly to both technical and business stakeholders.
• Demonstrated ownership and accountability – proactive in identifying issues, taking initiative, and driving closure.
• Ability to work independently as well as in a cross-functional team environment

The Location: Gurgaon, India