Job Title: Application Security Engineer SAST & DAST Experience Required: 3 to 8 Years Location: Hyderabad / Bangalore / Chennai / Mumbai / Pune / Kolkata / Gurgaon Mode of Interview: MS Teams (12 rounds) Notice Period: 0 to 30 Days Job Overview: We are looking for an experienced Application Security Engineer specializing in SAST & DAST to join our growing team. The ideal candidate will be responsible for integrating security throughout the software development lifecycle (SDLC), implementing and managing security tools, and driving security best practices across the organization. Key Responsibilities: Implement and manage application security testing activities throughout the development, deployment, and maintenance phases. Perform Static Application Security Testing (SAST) using tools like Checkmarx and Fortify . Execute and manage Dynamic Application Security Testing (DAST) tools such as AppScan and WebInspect . Conduct secure code reviews in languages including Java, .NET, Swift, Objective-C . Integrate security tools in DevOps pipelines and CI/CD environments (e.g., Jenkins, TeamCity, Bamboo, Chef, Puppet). Apply OWASP Top 10 , SANS Secure Coding Practices , and Security Engineering Principles during development and assessment. Analyze, triage, and report vulnerabilities using CVSS scoring and determine business impact. Perform penetration testing for web, mobile, and desktop applications. Implement mobile security testing techniques, including bypassing SSL pinning , root detection , reverse engineering , and manifest analysis . Work with containerized environments such as Docker and Kubernetes . Utilize at least one scripting language (e.g., Python, Bash, PowerShell) for automation or security tooling. Required Skills & Experience: Strong experience with SAST and DAST tools (Checkmarx, Fortify, AppScan, WebInspect) Familiarity with OWASP Top 10 , secure coding practices, and vulnerability remediation Proficient in secure code review for Java, .NET, Swift, Objective-C Solid understanding of DevSecOps practices and security toolchain integration Hands-on experience with CI/CD tools (Jenkins, TeamCity, Bamboo, etc.) Experience with container security in Docker/Kubernetes environments Knowledge of CVSS scoring and vulnerability risk assessment Understanding of mobile application security techniques and concepts Experience with scripting in Python, Bash, or equivalent Preferred Qualifications: Security certifications (e.g., CEH, OSCP, GWEB, GWAPT, Security+ ) Exposure to cloud environments (AWS, Azure, GCP) from a security standpoint Familiarity with automated testing tools like Selenium Experience working in Agile and DevOps environments Interested Candidates can share your updated resume to subashini.gopalan@kiya.ai
