Application Security Engineer (6+ Yr, Web and Mobile, Penetration testing, Immediate Joiner preferred)
Accepting applications
Innova ESI · Mumbai, Maharashtra, India
Full-Time · Mid_senior · AI, Java, Python
Posted: 3d ago
Category: Test
Experience: Mid_senior
Country: India
Role : Application Security Engineer (6+ Yr, Web and Mobile, Penetration testing, Immediate Joiner preferred)
Location : Mumbai
Type : Full Time (MNC)
Exp : 6+ Yr
Skills :
We are seeking a technically strong Application Security Engineer for an Individual Contributor role. The ideal candidate will be responsible for identifying and assessing security vulnerabilities, and for helping developers mitigate them, across web, mobile, APIs, thick clients, and cloud-based applications throughout the Software Development Lifecycle (SDLC). He/she should have deep hands-on experience in penetration testing, secure code review, threat modeling, and working with development teams to integrate security best practices.
Key Responsibilities:
Perform manual and automated security testing for web, mobile, and API-based applications.
Identify and evaluate vulnerabilities using tools such as Burp Suite, OWASP ZAP, and others.
Conduct secure code reviews to identify insecure coding practices and provide secure alternatives.
Perform threat modeling and secure design reviews for applications and systems.
Document detailed technical findings and communicate clearly to both technical and non-technical stakeholders.
Collaborate with development teams to ensure timely remediation of identified vulnerabilities; suggest compensating or mitigating controls when necessary.
Stay current with emerging security threats, vulnerabilities, and security technologies.
Required Skills & Qualifications:
3–5 years of relevant experience in application security and penetration testing.
Strong understanding of OWASP Top 10, SANS CWE 25, and secure development best practices.
Proven experience in mobile application security testing including static and dynamic analysis, and familiarity with Android/iOS architectures.
Proficiency in API security testing and tools.
Hands-on experience with industry-standard tools such as Burp Suite, OWASP ZAP, SQLMap, Postman, Echo Mirage, Nessus, Nmap, Metasploit, and Kali Linux.
Familiarity with programming/scripting languages like Java, Python, JavaScript.
Solid understanding of authentication protocols such as OAuth 2.0, SAML, JWT, and cryptographic standards.
Up-to-date knowledge of current CVEs, exploits, and cybersecurity news.
Ability to manage multiple tasks, prioritize effectively, and work independently.
Experience or exposure to securing AI APIs, chatbots, AI/ML-enabled applications and AI-assisted applications. Understanding of AI security threats such as prompt injection, model leakage, data poisoning, and adversarial inputs.
Relevant security certifications such as OSCP, OSWE, EWPT, GWAPT, LPT, or ECSA.
Nice to Have:
Experience in network penetration testing or IoT security testing
Experience with cloud and container security technologies (e.g., Docker, Kubernetes, AWS, Azure)