Application Security Engineer

Role - Application Security Engineer

Experience - 4-7 yrs

Location - Bangalore

Qualifications & Experience

Education: Bachelors degree in Computer Science, Cybersecurity, Information Security, or equivalent practical experience.

Experience: 35+ years in application security, product security, or penetration testing with strong hands-on skills.

Technical Testing: Demonstrated experience in web application and API security testing; mobile security experience is strongly preferred.

Tooling: Proficiency with at least two of the following: Accunetix, Burp Suite, OWASP ZAP SonarQube (or other SAST tools), dependency scanning, or secrets scanning

tools.

Technical Knowledge & Skills

Deep understanding of OWASP Top 10 and API security risks (BOLA/IDOR, mass assignment, rate-limit abuse).

Strong grasp of authentication and authorization models, including JWT, OIDC, and session handling.

Working knowledge of DevSecOps practices and embedding security testing into CI workflows (GitHub Actions).

Ability to build reproducible proofs and utilize scripting (Python/Node) for light automation.

Familiarity with Cloudflare WAF/API Shield and API gateway architectures (Kong/AWS API Gateway) is a plus.