hirist

Application Security Engineer - Vulnerability Assessment

Aliqan Services Private Limited
Chennai
5 - 8 Years

Posted on: 03/09/2025

Job Description

Job Title : Application Security Engineer

Experience : 5+ Years

Department : Technology Information Security

Location : Chennai (Hybrid 3 days from office)

Mode : Contract

Reporting To : Application Security Architect

Working Hours : Full Time (9 hours/day)

Role Summary
The Application Security Engineer will play a key role in securing Lebaras applications and services by integrating security standards into the software development lifecycle, conducting vulnerability assessments and penetration testing, and providing expert security guidance across technology teams.

Key Responsibilities :

- Integrate security tools, standards, and practices into the product lifecycle (PLC).

- Perform vulnerability assessments and penetration testing for infrastructure, applications, services, and mobile apps.

- Provide manual penetration testing and gap analysis.

- Support incident response, architecture reviews, and vendor due diligence.

- Manage penetration testing services (in-house and external).

- Develop and maintain security improvement projects for application frameworks and perimeter defenses.

- Produce and present application security metrics and reports for stakeholders.

- Collaborate with developers and architects to drive secure coding practices and SSDLC adoption.

Skills & Experience :

Must-Have Skills :

- Security Frameworks & Standards : Strong knowledge of industry-standard security frameworks like OWASP Top 10, SANS 25, and MITRE ATT&CK.

- SDLC & Architecture : A deep understanding of the Secure Software Development Lifecycle (SSDLC), Service-Oriented Architecture (SOA), REST APIs, and API Gateways.

- Penetration Testing : Hands-on experience with penetration testing across various environments, including IaaS, SaaS, PaaS, containers, and cloud services (AWS/Azure/GCP).

- Tools : Proficiency with essential security tools such as Burp Suite, Rapid7 InsightVM, Tenable.io, OpenVAS, Kali Linux, Metasploit, Nmap, and BloodHound.

- Scripting & OS : Strong proficiency in scripting languages like Python, Bash, and PowerShell, along with experience in Windows/Linux OS security and web servers like Apache/Unix.

- Risk & Compliance : Solid knowledge of risk scoring systems (EPSS, CVSS) and compliance standards (CIS Benchmark, NIST).

Preferred Skills :

- Offensive Security : Experience with Red Teaming, including defense evasion, lateral movement, and privilege escalation techniques.

- Security Management : Familiarity with external attack surface management.

- Certifications : Relevant security certifications such as CISSP, OSCP, CEH, or CSSLP.

- Coding : Basic coding experience in languages like JavaScript, React, Node.js, .NET, or Java.

