Application security

Exp - 5 ys

About the Opportunity:

Experienced Application Security Engineer to join a growing information security team responsible for securing next-generation, cloud-native financial technology systems, in the Chennai India. As our Senior Application Security Engineer, you will be responsible for owning application security program. This role will entail delivering application security standards and solutions, driving engineering teams to evolve towards a DevSecOps model, building security automation wherever possible, and serving as formidable force for the secure by default vision across the enterprise. This role will have abundant opportunities to challenge the status-quo and work with cutting-edge technologies, tools, and platforms across all 2 major cloud providers (Azure, GCP).

What your day-to-day will look like:

• Develop and update application security standards, secure coding principles, and threat modeling processes.
• Maintaining CI/CD integrated application security solutions, web application firewall technologies, and related
• Provide application security support to development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance.
• Integrate and mature application security testing and controls into different phases of teams development lifecycles.
• Coordinate application security program metrics and reporting.
• Support ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system.
• Develop application security training methods and mentoring of security champions.
• Partner with third party vendors to deliver software security tools and services.
• Coordinate and partner with third party offensive security (manual pen test) engagements.
• Provide expert consultation on application security requirements and best practices in relation to vulnerability scanning and secure application design.
• Partner closely on security operations tasks with cross-functional teammates in Information Security, IT, DevOps, Engineering, and Quality Assurance.
• Engage with product owners, project managers and developers to integrate security best practices into product design.
• Working Model : 16/5.

We'd love to hear from you if you have:

• Extensive combined hands-on experience in application security and software development.
• Experience building, deploying, and maturing CI/CD integrated application security tools.
• Solid understanding of web-based application technologies, web services/APIs, web-based authentication/single sign-on protocol and technologies.
• Deep experience working with various development technologies including programming languages/frameworks supporting both backend and frontend development, source control management systems, and CI/CD tooling.
• Ability to read and understand code at a high-level across most common programming languages, with any C#, Java, Javascript and NodeJS experience a plus.
• Experience with application security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Functional understanding in tooling integrations that support agile, CI/CD, and DevSecOps methodologies.
• Fundamental understanding of major cloud providers (Azure, GCP).
• Strong knowledge of software security risks and threats (OWASP top 10).
• Familiarity with secure by design and shift left security principles.
• Strong understanding of development methodologies, particularly Agile and DevOps.
• Able to explain impact of vulnerabilities and mitigating strategies to both technical and non-technical stakeholders.
• Capable taking ownership of the application security function, ability to work independently with minimal guidance and act as coach to other team members as necessary.
• Strong communication & interpersonal skills, and experience working cross-functionally with various teams--this will be critical to success in this role.