Application Security Engineer - API or Web or Mobile Security - Mumbai - Immediate Joiners

Role Summary:

We are looking for an experienced and technically skilled Application Security Engineer to strengthen our cybersecurity posture. The ideal candidate should possess a solid understanding of application-level vulnerabilities, secure code practices, and vulnerability management tools. You will be responsible for conducting in-depth assessments, secure code reviews, and supporting development teams to remediate findings in alignment with security standards.

Key Responsibilities:

• Safeguard the Confidentiality, Integrity, and Availability of the organization's application ecosystem.
• Perform Vulnerability Assessment and Penetration Testing (VAPT) for Web, Mobile, and API components using both open-source and commercial tools.
• Conduct secure code reviews to identify critical flaws and provide remediation guidance to development teams.
• Lead manual penetration testing and demonstrate proof-of-concept exploits.
• Guide developers and QA teams in interpreting security findings and applying fixes aligned with secure SDLC practices.
• Collaborate with DevOps teams to integrate security into CI/CD pipelines.
• Maintain compliance with PCI DSS and other regulatory/security standards.
• Drive continuous improvements in security test plans, test cases, and internal security frameworks.

Technical Skills Required:

• 3+ years of hands-on experience in Application Security.
• Proficient in VAPT (Static & Dynamic Analysis) for Web, API, and Mobile applications.
• Strong experience with secure code review tools like Fortify, Coverity, Checkmarx.
• Familiarity with DevSecOps and CI/CD pipeline security integration.
• Hands-on with tools like Burp Suite, Nessus, Postman, SoapUI, Metasploit.
• Understanding of WAFs, API gateways, and secure protocol practices.
• Development/scripting knowledge in Java, JavaScript, AngularJS, or Python.
• Experience using JIRA for issue tracking and defect logging.

Certifications Preferred:

OSCP, OSWE, CEH, GWEB or similar security certifications.

Soft Skills:

1. Strong communication and documentation skills.
2. Ability to work independently and collaboratively.
3. Must be proactive, with an ownership mindset and attention to detail.

Location:

Andheri (W), Mumbai, Maharashtra 

Kindly note:

1. Candidates currently based in Mumbai should apply. 
2. Prior experience in the Fintech or BFSI industry will be strongly preferred.