Posted on: 24/12/2025
Description :
Role : Application Security Engineer (SAST, SCA, DAST)
Location : Remote (India)
Duration : 6+ Months (Contract)
Experience : 3+ Years
Role Summary :
The Application Security Engineer will be a key member of the Information Security team, responsible for embedding security into the heart of our software development lifecycle.
You will leverage your technical expertise to assess, research, and refine security designs for diverse software solutions.
This role is focused on the proactive identification and remediation of vulnerabilities across the web application surface through automated testing and deep-dive analysis.
You will collaborate with development teams to establish robust security requirements and provide expert guidance on mitigating risks within the CI/CD pipeline.
Responsibilities :
- Perform deep-dive security assessments of web applications using SAST (Static Application Security Testing) and SCA (Software Composition Analysis) to identify vulnerabilities in source code and third-party libraries.
- Execute and manage DAST (Dynamic Application Security Testing) scans to identify runtime vulnerabilities and logic flaws in production and staging environments.
- Support the integration of security test automation into GitHub CI/CD pipelines, ensuring "Security as Code" is maintained throughout the development lifecycle.
- Configure and manage Web Application Firewall (WAF) technologies to proactively shield applications from common threats such as SQLi, XSS, and CSRF.
- Research and design advanced security requirements for new product features, ensuring security is considered from the initial design phase.
- Collaborate with internal stakeholders and engineering teams to review security findings and provide clear, actionable remediation guidance.
- Maintain the external web application attack surface by continuously monitoring for emerging threats and misconfigurations.
- Contribute to the automation of security workflows to reduce manual effort and accelerate the vulnerability management lifecycle.
- Assist in the documentation of security standards, best practices, and remediation playbooks for the broader development organization.
Technical Requirements :
- Minimum of 3 years of dedicated experience in Application Security or a related security-focused engineering role.
- Proven hands-on experience with industry-standard security scanning utilities (e.g., Checkmarx, Snyk, Veracode, Burp Suite, or ZAP).
- Strong proficiency in security testing for Web Applications, with a deep understanding of the OWASP Top 10 vulnerabilities.
- Ability to read and perform security code reviews in at least one of the following: Python, C#, or JavaScript.
- Practical experience with GitHub Actions or similar CI/CD platforms for automating security gates.
- Familiarity with WAF solutions (e.g., Cloudflare, AWS WAF, or Akamai) and their role in application defense.
- Understanding of modern web architectures and the specific security challenges associated with APIs and microservices.
Preferred Skills :
- Security certifications such as OSWA, CASE, or GWE are highly desirable.
- Experience with container security (Docker/Kubernetes) and scanning images for vulnerabilities.
- Knowledge of infrastructure-as-code (IaC) security scanning tools.
- Strong communication skills with the ability to explain complex security risks to non-technical stakeholders.
- Experience in a fast-paced, remote-first engineering environment.
- Proactive mindset regarding security research and keeping up with the latest exploit techniques and zero-day vulnerabilities.
Posted by
Sheryl strategic solutions Pvt. LTD .
HR at Sheryl strategic solutions Pvt. LTD .
Last Active: 24 Dec 2025
Posted in
CyberSecurity
Functional Area
Cyber Security
Job Code
1594218