Job Title: Application Security Engineer-Bangalore
This is a hybrid position, so you’ll work both remotely and in the office.
Our Tech Stack: Java, Spring, REST API, Microservices, Kafka, Spark, NodeJS, AWS, Kubernetes, Terraform, AngularJS
What you’ll do
- Collaborate with teams across a global organization to support the adoption and implementation of secure software development practices and tooling.
- Contribute hands-on to critical engineering and tooling projects, working closely with technical leads and product owners to ensure security is a key part of successful project outcomes.
- Mentor engineers and influence architectural decisions to ensure security is embedded by design.
- Design and develop reusable, flexible security components and APIs to support scalable, secure application development across the company.
- Define and promote best practices to ensure software security without compromising functionality, usability, reliability, or availability.
- Participate in design and code reviews, providing actionable security recommendations as needed.
- Collaborate with project teams to design and prototype secure solutions, validating key assumptions and security objectives.
- Evaluate, implement, and support a range of security tools to improve visibility and reduce risk.
- Build strong relationships and communicate effectively with stakeholders throughout the SDLC, including Product, Engineering, and Operations teams.
Your experience
- 5+ years of experience in application security, software development, or a related engineering role.
- Strong understanding of secure software development practices, including experience working with developers to embed security into the SDLC.
- Hands-on experience conducting security design reviews, threat modeling, and code reviews for web and cloud-based applications.
- Familiarity with common application vulnerabilities (e.g., OWASP Top 10) and experience in identifying and remediating them.
- Experience working with security tools such as SAST, DAST, SCA, and container security scanners.
- Ability to communicate security concepts effectively to both technical and non-technical stakeholders.
Nice to haves:
- Experience with AWS security best practices and securing cloud-native architectures.
- Background in DevSecOps or building security automation into CI/CD pipelines.
- Familiarity with Bug Bounty triage or managing responsible disclosure programs.
- Experience with regulatory frameworks (e.g., ISO 27001, SOC 2, or GDPR) as they relate to product security.
- Programming or scripting skills (e.g., Python, JavaScript, or Go) to build internal tools or automation.