CME Group

Application Security Engineer II

Bengaluru, IN · Full-time · INR 2,500,000 – INR 4,500,000

About this role

The Application Security Engineer performs manual application security assessments including pentests and communicates findings to developers and QA teams. They provide application design support and security best practice guidance through consultations to development teams and business stakeholders. This role actively promotes security via interactive workshops and internal Capture The Flag events.

Serve as the primary application security resource for development teams, offering consulting and guidance throughout the Software Development Life Cycle. Perform manual security assessments at key SDLC points and produce documentation including reports. Present findings to various stakeholders effectively.

Collaborate with developers, QA, and business stakeholders to integrate security early in development processes. Engage in knowledge sharing and promote a security-first culture through hands-on exercises. Work in a dynamic tech environment focused on offensive security practices.

Contribute to automation initiatives integrating new security tools and processes like AI. Demonstrate commitment to continuous education and staying current in application security. Foster collaboration and proactive problem-solving across teams.

Requirements

  • 3+ years of experience with industry-standard penetration testing or equivalent knowledge
  • Experience performing blackbox/greybox/whitebox security assessments of applications including web applications, APIs, thick clients, web sockets using HTTP or proprietary protocols
  • Excellent skills with application security testing tools including Burp Suite, sqlmap, nmap
  • Experience performing manual reviews of application source code for security vulnerabilities in languages like Java, JavaScript, .NET (C#)
  • Experience with Cloud architectures, security principles and services; Google Cloud Platform (GCP) preferred
  • Experience with automating security testing using scripting languages like Python, bash, PowerShell
  • Experience with UNIX or Linux
  • Self-starter who proactively seeks answers, asks for help when needed, and communicates solutions

Responsibilities

  • Serve as the primary application security resource for development teams, offering security consulting and best practice guidance throughout the SDLC
  • Perform manual security assessments at key points in the SDLC
  • Produce documentation and present findings of manual security assessments to various stakeholders
  • Contribute to automation initiatives, including integration of new security tools and processes such as AI
  • Promote security through engaging interactive workshops and exercises like internal Capture The Flag events
  • Provide application design support and security best practice guidance via consultations to development teams and stakeholders