Posted on: 03/02/2026
Description :
Application Security is responsible for embedding security across the application development lifecycle, performing application security testing, identifying and managing vulnerabilities, and ensuring secure coding practices. The role requires hands-on experience in SAST, DAST, SCA, API security, and cloud-native applications, with strong alignment to regulatory and compliance requirements.
Application Security Testing :
- Perform application security assessments across :
  - Web applications
  - Mobile applications (Android / iOS)
  - APIs and microservices
- SAST (Static Application Security Testing)
- DAST (Dynamic Application Security Testing)
- SCA (Software Composition Analysis)
- API security testing
- Support manual application penetration testing for high-risk and critical applications.
- Validate remediation through re-testing and verification.
Secure SDLC & DevSecOps :
- Integrate security controls into the SDLC and CI/CD pipelines.
- Review application architecture and design for security risks.
- Implement DevSecOps practices, including shift-left security.
- Support secure coding practices and provide remediation guidance to development teams.
Vulnerability Management (Application Context) :
- Triage application vulnerabilities based on risk, exploitability, and business impact.
- Track vulnerabilities through closure using ticketing tools.
- Ensure remediation SLAs are met and escalate aging/high-risk issues.
Secure Coding & Developer Enablement :
- Provide secure coding guidelines and best practices.
- Conduct secure code reviews and developer security training.
- Assist development teams in fixing vulnerabilities with actionable recommendations.
Compliance & Audit Support :
- Ensure application security practices align with :
  - RBI Cybersecurity Framework
  - ISO 27001
  - PCI DSS
  - OWASP standards
- Support audits by providing :
  - Application security assessment reports
  - Evidence of secure SDLC implementation
  - Remediation and exception documentation
Posted in
CyberSecurity
Functional Area
Cyber Security
Job Code
1609084