Posted on: 24/02/2026
About Athma :
Software Development Centre is the technology arm of Narayana Health, a leading healthcare network spanning two countries. We at Athma SDC are engaged in building next generation products for healthcare with the goal of making healthcare safe and affordable to the patients.
Why Join ATHMA ?
- Be Part of a Health Tech Revolution : Join ATHMA in transforming healthcare through technology, making it more personalised, accessible, and effective for Indian users.
- Work-Life Balance : We support a balanced work environment that fosters personal well-being and professional growth.
- Growth & Learning : You'll have opportunities to learn from the best in health tech and work on products that directly impact millions of users.
- Impactful Work : Play a key role in improving patient outcomes, driving innovation, and setting new standards for healthcare technology in India.
We are seeking a motivated and hands-on Application Security Analyst with strong experience in Web and Mobile Application Penetration Testing.
The ideal candidate will be responsible for conducting Vulnerability Assessment and Penetration Testing (VAPT) and supporting secure SDLC initiatives using SAST, SCA, DAST, and MAST methodologies.
This role will work closely with development, DevOps, and product teams to identify, validate, and remediate application security risks.
- Perform Web and Mobile Application VAPT to identify security vulnerabilities, misconfigurations, and logic flaws.
- Conduct security testing using SAST, SCA, DAST, and MAST tools and techniques.
- Validate findings manually to eliminate false positives and assess real-world exploitability.
- Perform API security testing (authentication, authorization, business logic, rate limiting, etc.).
- Collaborate with development teams to integrate security controls into the Secure Software Development Lifecycle (SSDLC).
- Provide clear remediation guidance aligned with secure coding best practices.
- Map vulnerabilities to OWASP Top 10 (Web, API, Mobile) and MASVS standards.
- Assist in creating and maintaining application security standards, testing procedures, and guidelines.
- Support periodic re-testing and closure validation of identified vulnerabilities.
- Stay updated with emerging threats, attack techniques, and application security trends.
- 3 years of hands-on experience in Application Security or VAPT.
- Strong understanding of Web, API, and Mobile application architectures.
Practical experience with VAPT tools such as :
- Burp Suite (Professional preferred)
- OWASP ZAP
- Mobile testing tools (MobSF, Drozer, Frida - good to have)
Solid knowledge of :
- OWASP Top 10 (Web, API, Mobile)
- Common vulnerabilities (IDOR, Auth issues, Business Logic flaws, Injection, XSS, CSRF, etc.)
- Experience working with SAST, SCA, and DAST tools (tool-agnostic understanding is acceptable).
- Ability to analyze logs, HTTP traffic, and application behavior for security flaws.
- Strong reporting skills with the ability to explain risks clearly to technical and non-technical stakeholders.
- Good understanding of secure coding practices.
- Exposure to CI/CD security integration.
- Knowledge of Threat Modeling concepts.
- Security certifications : Any AppSec-related training certifications.
- Strong analytical and problem-solving mindset.
- Good communication and documentation skills.
- Ability to work collaboratively with cross-functional teams.
- Willingness to learn and adapt in a fast-changing security landscape.
Posted in: CyberSecurity
Functional Area: Cyber Security
Job Code: 1615444