Back to search
SISA Linkedin · Posted 18d ago

Application Security Professional

India

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Experience: 7–10 years

Location: Bangalore

Employment Type: Full-time

Role Summary

We are looking for a senior application security professional with strong hands-on expertise in securing web applications, mobile applications, APIs, and modern cloud-native application environments. The role requires the ability to independently lead complex application security assessments, perform secure design reviews, identify critical vulnerabilities, and work closely with engineering teams to drive remediation across the SDLC.

Key Responsibilities

  • Lead security assessments for web applications, mobile applications, APIs, and cloud-based applications.
  • Perform advanced manual and automated security testing across development, staging, and production environments.
  • Conduct security testing for Android and iOS applications, including static analysis, dynamic analysis, runtime testing, reverse engineering, and insecure storage reviews.
  • Assess REST, SOAP, GraphQL, and microservices-based APIs for authentication, authorization, data exposure, injection, rate limiting, and business logic flaws.
  • Perform secure architecture reviews, threat modeling, and risk assessments for critical applications and new product features.
  • Review source code and provide secure coding recommendations to development teams.
  • Support DevSecOps initiatives by integrating SAST, DAST, SCA, secret scanning, and container security tools into CI/CD pipelines.
  • Validate vulnerabilities, define risk ratings, prepare detailed reports, and provide practical remediation guidance.
  • Track findings to closure and validate remediation fixes.
  • Mentor junior security team members and contribute to internal AppSec methodologies, checklists, playbooks, and standards.
  • Engage with development, DevOps, QA, product, and business teams to improve security maturity.

Required Skills

  • Strong hands-on expertise in web application security, mobile application security, and API security testing.
  • Deep understanding of OWASP Top 10, OWASP API Security Top 10, OWASP ASVS, OWASP MASVS, CWE, and CVSS.
  • Advanced knowledge of authentication and authorization mechanisms such as OAuth 2.0, OIDC, SAML, JWT, MFA, RBAC, and ABAC.
  • Experience identifying and exploiting vulnerabilities such as XSS, SQL injection, IDOR, SSRF, CSRF, authentication bypass, insecure deserialization, cryptographic flaws, insecure storage, and business logic issues.
  • Hands-on experience with tools such as Burp Suite, OWASP ZAP, Postman, MobSF, Frida, Objection, JADX, APKTool, ADB, SQLMap, Nuclei, and SoapUI.
  • Ability to perform secure code reviews in languages
  • Good understanding of DevSecOps, CI/CD security, SAST, DAST, SCA, container scanning, and secrets management.
  • Ability to independently lead assessments from scoping to reporting.
  • Strong reporting, communication, stakeholder management, and developer collaboration skills.

Good to Have

  • Experience with cloud application security across AWS, Azure, or GCP.
  • Knowledge of Docker, Kubernetes, and containerized application security.
  • Familiarity with compliance standards such as PCI DSS, ISO 27001, SOC 2, GDPR, or HIPAA.
  • Experience with bug bounty, responsible disclosure, product security, or purple team activities.
  • Certifications such as OSCP, GWAPT, GMOB, GWEB, eWPT, or eWPTX.
Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent