SENIOR ENGINEER - ENGINEER

Position: Security Assessor – Individual Contributor

Experience: 5–8 Years

Location: Chennai, Bangalore, Dubai

Employment Type: Full-time

Role Overview

Security Assessor (Individual Contributor)

This role requires independently conducting security assessments, identifying vulnerabilities, working with business teams and providing remediation guidance with minimal supervision.

Key Responsibilities

Security Assessments

• Perform

  Web Application Security Testing

   based on OWASP Top 10, SANS, and industry standards.
• Conduct

  Mobile Application Security Testing

   (Android/iOS).
• Evaluate

  API Security

   for REST, SOAP, GraphQL, and microservices.

Secure Code Review

• Conduct

  manual and automated source code reviews

   across multiple languages and frameworks.
• Provide detailed remediation guidance to development teams.

Cloud Security

• Perform

  intermediate cloud security reviews

   (AWS/Azure/GCP).
• Identify misconfigurations and assess cloud-native security risks.

Network Security

• Conduct

  basic network security assessments

   and configuration reviews.

Risk Assessment & Governance

• Apply strong understanding of

  banking domain risks

  , regulatory expectations, and security controls.
• Map technical findings to

  business impact

  , ensuring accurate risk interpretation.
• Perform

  risk assessment and vulnerability risk rating

   using industry-standard frameworks (CVSS, OWASP risk rating, custom client risk models, etc.).
• Support secure design discussions and provide guidance during architecture reviews.

Reporting & Collaboration

• Prepare clear and comprehensive reports with risk ratings and remediation steps.
• Collaborate with developers, DevOps, infrastructure, and architecture teams to close vulnerabilities.
• Support integration of security controls into SDLC/DevSecOps pipelines.

Required Skills & Expertise

• Strong hands-on experience in

  Web, Mobile, and API Security Testing

  .
• Proficiency in

  manual and automated source code reviews

  .
• Intermediate-level understanding of

  cloud security

   (AWS, Azure, GCP).
• Basic understanding of

  network security

  .
• Strong knowledge of

  banking processes, application workflows, and business risks

  .
• Ability to translate technical vulnerabilities into

  business impact

  .
• Familiarity with

  risk assessment frameworks and vulnerability rating mechanisms

  .
• Proficiency with security tools such as Burp Suite, MobSF, Postman, Checkmarx, Fortify, SonarQube, OWASP ZAP, etc.
• Excellent analytical, documentation, and communication skills.
• Ability to operate independently as an

  Individual Contributor

   in a fast-paced environment.

Preferred Qualifications

• Certifications such as

  OSCP, OSWE, OSEP, CEH, eWPTX, eMAPT, CISA, CCSK, AWS/Azure Security

  , or relevant security credentials.
• Exposure to

  DevSecOps pipelines

  , CI/CD, container security.