Associate II, Information Security Engineer

4 - 5 years

3 - 6 Lacs

Posted: 1 day ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

The Team: The OSTTRA Technology team is composed of Capital Markets Technology professionals, who build, support and protect the applications that operate our network. The technology landscape includes high-performance, high-volume applications as well as compute intensive applications, leveraging contemporary microservices, cloud-based architectures.

The Impact: Together, we build, support, protect and manage high-performance, resilient platforms that process more than 100 million messages a day. Our services are vital to automated trade processing around the globe, managing peak volumes and working with our customers and regulators to ensure the efficient settlement of trades and effective operation of global capital markets.

What's in it for you: We are seeking an experienced Information Security Engineer with a strong background in secure software development practices, application security testing, vulnerability management and Information Security Compliance. The ideal candidate will be responsible for ensuring that security is integrated across the software development lifecycle (SDLC) and will actively collaborate with development, DevOps, and product teams to mitigate application-level risks.

Responsibilities:

Application Security

  • Perform comprehensive application security assessments, including Static Application Security Testing (SAST), pen testing, Dynamic Application Security Testing (DAST), and API security testing across enterprise applications.
  • Review and analyse source code to identify and remediate security vulnerabilities.
  • Collaborate with development teams to integrate security best practices in the SDLC and provide secure coding guidance.
  • Lead and support remediation efforts by providing actionable recommendations and retesting fixes.
  • Conduct manual and automated web application and API penetration tests to uncover business logic and security flaws.
  • Develop and maintain security testing checklists, processes, and internal documentation.
  • Track and report vulnerabilities, ensuring timely closure in collaboration with development and product owners.
  • Participate in threat modelling sessions and help teams prioritize risks based on severity and business impact.
  • Stay current with emerging threats, vulnerabilities, attack vectors, and security technologies to proactively improve application security posture.

Information Security Compliance:

  • Ensure compliance with relevant security standards and regulations, including ISO 27001, NIST Standard, and risk management.
  • Develop and maintain security documentation and procedures.
  • Assist with external security audits and assessments.
  • Stay up to date on the latest security threats and vulnerabilities.

Other Duties:

  • Provide security consulting and support to other teams.
  • Evaluate and recommend new security technologies and solutions.
  • Participate in security awareness training and initiatives.
  • Understanding of Technology & Security Risk Management and Vendor Risk Management Framework.

Technical Skills and Capabilities (Primary Must Have):

  • 4-5 years of experience working in IT Security in multiple capacities.
  • Hands-on experience with application security tools such as Burp Suite, IBM AppScan, Acunetix, HP WebInspect, NTOSpider, Postman, and others.
  • Strong expertise in manual and automated web application security testing and a deep understanding of OWASP Top 10 and business logic vulnerabilities.
  • Solid experience testing RESTful and SOAP APIs, analyzing request/response flows, and validating secure implementation.
  • Strong knowledge of secure coding principles, common attack vectors (OWASP, SANS Top 25, WASC), and mitigation techniques.
  • Familiarity with CI/CD pipelines and integrating security testing into DevOps workflows (preferred).
  • Proficiency in both Black Box and White Box testing methodologies.

Certifications (Preferred):

  • Certified Ethical Hacker (CEH), OSCP, eWPT, or equivalent security certifications are preferred.
  • Certifications like ISO 27001, CISA, CRISC, CISM, CISSP, etc. would be an added advantage.

Competencies:

  • The ability to multitask, act under pressure and quickly identify and deal with priority matters under tight deadlines. Attention to detail is essential.
  • The ability to handle multiple inquiries at any one time, often under considerable deadline pressure.

Desired Skills:

  • Strong analytical and problem-solving skills with the ability to prioritize and manage multiple tasks.
  • Excellent communication skills capable of articulating technical issues and recommendations clearly to both technical and business stakeholders.
  • Demonstrated ownership and accountability: proactive in identifying issues, taking initiative, and driving closure.
  • Ability to work independently as well as in a cross-functional team environment.

S&P Global Market Intelligence

Financial Services

New York
