SRM TechnologiesRemote
Application Security Engineer – Senior AppSec Engineer
India
Full Time
2 hours ago
No Sponsorship
Key skills
AWSAzureCloudDockerGoogle Cloud PlatformKubernetesMicroservicesPythonSDLCServiceNowBashPowerShellGCPGoogle CloudOAuthJWTJiraCI/CDSonarQubeCheckmarxOWASPPenetration Testing
About this role
Role Overview
- Perform application security assessments for web and API applications
- Integrate security into Secure SDLC (SSDLC) and DevSecOps pipelines
- Conduct threat modeling and security design reviews
- Execute vulnerability scans using tools like Tenable
- Analyze results from SAST, DAST, and manual testing
- Document findings including severity, exploitability, reproduction steps, and remediation guidance
- Integrate and maintain SAST/DAST tools within CI/CD pipelines
- Perform vulnerability validation, PoC development, and false-positive analysis
- Apply risk-based prioritization and track remediation to closure
- Provide L2/L3 support, incident investigation, and root cause analysis (RCA)
- Maintain AppSec documentation, audit evidence, and compliance reports
- Track and report vulnerability metrics, scan coverage, and remediation status
Requirements
- Strong experience in Application Security (Web & API Security Testing)
- Expertise in OWASP Top 10 vulnerabilities and remediation techniques
- Hands-on experience with SAST tools (Checkmarx, Veracode, SonarQube)
- Hands-on experience with DAST tools (Burp Suite, OWASP ZAP)
- Experience with vulnerability scanning tools (Tenable preferred)
- Knowledge of Secure SDLC and DevSecOps practices
- Strong understanding of HTTP, REST APIs, authentication (OAuth, JWT)
- Proficiency in Python / Bash / PowerShell scripting
- Experience with CI/CD tools and pipeline security integration
- Familiarity with JIRA / ServiceNow or similar tracking tools
- Experience in manual penetration testing and exploit development (preferred)
- Exposure to red team techniques and offensive security testing (preferred)
- Experience in cloud environments (AWS / Azure / GCP) (preferred)
- Knowledge of container and microservices security (Docker, Kubernetes) (preferred)
- Experience supporting SOC 2, ISO 27001, or similar audits (preferred)
- OSCP / OSWE / GWAPT / eWPT (preferred)
- CEH (Certified Ethical Hacker) (preferred)
- CISSP / CSSLP (preferred)
- AWS Security Specialty / Azure Security Engineer (preferred)
- Certified Kubernetes Security Specialist (CKS) (preferred)
Tech Stack
- AWS
- Azure
- Cloud
- Docker
- Google Cloud Platform
- Kubernetes
- Microservices
- Python
- SDLC
- ServiceNow
Benefits
- Professional development opportunities