Application Security Engineer
5 days ago
Role Summary
The Application Security Engineer (VAPT & API Security) will be responsible for protecting our clients' web applications and APIs by serving as the subject matter expert (SME) for our Web Application Firewall (WAF) service. This role requires a strong offensive security mindset to conduct comprehensive vulnerability assessments, translate findings into effective WAF rules, and continuously tune policies to maintain a robust defense against emerging threats.
Key Responsibilities
Vulnerability Assessment (VA) & API Security
- Perform Vulnerability Assessments and light Penetration Testing on client web applications and APIs to identify critical security flaws.
- Deeply understand and provide effective mitigation strategies for common vulnerabilities, including the OWASP Top 10 and OWASP API Security Top 10.
- Evaluate and ensure the security of modern API architectures, including REST and GraphQL, focusing on authentication (e.g., OAuth, JWT), authorization (BOLA/BFLA), and proper data handling.
- Collaborate with application development and DevOps teams to advise on secure coding practices and security architecture improvements.
WAF Management & Rule Tuning
- Design, implement, and manage custom security policies and rulesets across various WAF platforms (e.g., Cloudflare, Akamai, AWS WAF, ModSecurity) for diverse client applications.
- Proactively tune and optimize WAF policies to minimize False Positives (FPs) while ensuring high-fidelity threat detection and blocking.
- Conduct forensic analysis of WAF logs and security events to identify new attack vectors and bypassed rules, and adjust mitigations accordingly.
- Stay current with the latest CVEs and threat intelligence and rapidly deploy compensating WAF controls.
Required Qualifications and Skills
Foundational Expertise
- 4+ years of experience in an Application Security, Penetration Testing, or Security Engineering role.
- Expert-level knowledge of HTTP/HTTPS protocols, TCP/IP, and TLS/SSL.
- Proficiency with security tools such as Burp Suite Professional, OWASP ZAP, and various vulnerability scanners.
- Solid understanding of common attack techniques (SQLi, XSS, SSRF, Deserialization, XXE, Command Injection).
WAF & API Specific Skills (The Core)
- Mandatory: Proven hands-on experience in writing, customizing, and tuning WAF rules (e.g., ModSecurity/Coraza Rule Language, WAF custom policy language).
- Strong understanding of API security mechanisms and vulnerabilities (e.g., broken object level authorization - BOLA, excessive data exposure).
- Experience with cloud security platforms and WAF offerings in major environments (AWS, Azure, GCP).
Desirable (Nice-to-Have) Skills
- Industry certifications such as OSCP, CEH, CISSP, GWEB, or relevant cloud certifications.
- Experience with Bot Management and Layer 7 DDoS mitigation strategies.
- Familiarity with container security and microservices architecture.
- Experience in a client-facing service provider environment.
Job Type: Full-time
Pay: ₹450, ₹1,000,000.00 per year
Work Location: In person
-
Application Security Engineer
3 days ago
Mumbai, Maharashtra, India Security Lit Full time ₹ 8,00,000 - ₹ 12,00,000 per year
Job Description: Application Security Engineer (L1)
Role Overview
We are looking for an Application Security Engineer (L1) to join our security team. This is an entry-level position requiring at least 1 year of hands-on experience in application security testing. You will work on identifying and reporting vulnerabilities across web, mobile, API, and thick...
-
Application Security Engineer
7 days ago
Mumbai, Maharashtra, India Security Lit Full time ₹ 15,00,000 - ₹ 25,00,000 per year
Job Description: Application Security Engineer (L2)
Role Overview
We are seeking an experienced Application Security Engineer (L2) to take a lead role in our security testing team. This role requires 3 years of experience (first priority in selection will be given to resources with more than 4 years of experience) and mandates professional security certifications. You...
-
Senior Security Engineer
4 days ago
Mumbai, India TAC Security Full time
Job description
As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and...
-
Senior Security Engineer
2 days ago
Mumbai, India TAC Security Full time
Job description
As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and...
-
Senior Security Engineer
4 days ago
Mumbai, India TAC Security Full time
Job description
As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and...
-
Senior Security Engineer
2 days ago
Mumbai, India TAC Security Full time
Job description
As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and...
-
Senior Security Engineer
2 weeks ago
Mumbai, India TAC Security Full time
Job description
As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and...
-
Senior Security Engineer
15 hours ago
Mumbai, India TAC Security Full time
Job description
As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and...
-
Senior Security Engineer
2 weeks ago
Mumbai, Maharashtra, India TAC Security Full time ₹ 6,00,000 - ₹ 18,00,000 per year
Job description
As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and...
-
TAC Security
1 week ago
Mumbai, India TAC Security Full time
Job Description
As a Security Engineer VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems...