Application Security Specialist

LOCATION: Bangalore, India

TITLE: Product Security Specialist

LEVEL: Senior Associate

JOB TYPE: Full Time

Reports to: Product and Cloud Security Manager

We are looking for a high-performing individual looking to advance their career in our Global Information Security Team. We need a motivated and detail-oriented Product SaaS Security Specialist to join our security team. This subject matter expert-level role is ideal for candidates with good knowledge in application security and a passion for securing modern web, mobile, and enterprise applications.

You will work closely with global development teams to design secure applications, design identity and access management, model secure data flows, define encryption, data masking and anonymization, perform vulnerability assessments, support penetration testing activities, and contribute to our ongoing security monitoring and incident response efforts.

The product security specialist will be assisting development teams in securing systems and applications at every stage of the software development lifecycle, ensuring that the principles of 'Security by design' and 'Security by default' are followed, thereby integrating security into the DevOps and SDLC process.

The role will workin partnershipwith wider Dev team, IT Infrastructure, Technology, EUC support, business, andproduct teams to maintainand improve technical tools, a set of controls, and the incident response process.

Responsibilities:

• Assist in designing, implementing, testing and reviewing application security controls across system & product development projects.
• Assist in reviewing, design and implementing Authentication, Authorization and IAM controls across various applications and environments.
• Assist in performing Application Security Testing (SAST/DAST etc)
• Performing application IAM design reviews and access recertifications.
• Contribute to the development and implementation of security policies, requirements, and guidelines.
• Help to address information security incidents and audit findings.
• Provide security guidance and best practices to development teams on secure coding principles.
• Collaborate with global application development teams to promote secure coding practices and assist with threat modelling.
• Perform threat modelling and document potential security risks for new and existing features.
• Participate in security reviews for application architecture, code changes & design documents.
• Perform vulnerability assessments and penetration testing of applications, APIs, and web services.
• Identify, document, and report security vulnerabilities with clear and concise remediation recommendations.
• Support the identification, tracking, and remediation of security vulnerabilities across applications
• Monitor security tools and dashboards to detect threats and weaknesses in real-time.
• Stay current with the latest application security trends, tools, and technologies.
• Contribute to documentation of security standards, guidelines, and procedures.
• Support internal security audits and compliance initiatives (e.g., ISO 27001, SOC 2, etc.)

Qualifications & Technologies:

• Bachelors degree in computer science, IT engineering, or equivalent.
• 3+ years of experience in application security or software development with a strong interest in security.
• Familiarity with Secure Development Lifecycle (SDLC) practices
• Understanding of common web application vulnerabilities (e.g., OWASP Top 10) and mitigation techniques.
• Familiarity with security testing tools and techniques (e.g., Burp Suite, OWASP ZAP, static & dynamic analysis tools or similar).
• Understanding of programming languages (e.g., Java, Python, JavaScript, SQL) and web technologies.
• Understanding of authentication/authorization protocols: OAuth2.0, OpenID Connect, SAML)
• Experience with cloud security concepts (e.g., AWS, Azure, GCP).
• Experience with coding and scripting languages (e.g., Python, Bash, PowerShell).
• Experience on Git, Sentinel One, Microsoft Azure AD, Microsoft Windows Server, Microsoft Defender Suite, Microsoft Compliance Suite, Mimecast, Sentinel One, Arctic Wolf, Tenable/Nessus, Kali Linux, AWS Security, BitSight, knowb4.com, SolarWinds.
• Professional level technical security management certification (Microsoft SC, EC-Council, CompTIA

Why Morae?

Moraes approach to employee development is unique in the marketplace. At Morae employees are given opportunities to progress at theirown pace and to influence the course of their professional growth. This includes having the opportunity to earn a client facing role or even an oversight rolewithintheirfirstyear!

About Morae:

Morae is a dynamic, high-growth organization that provides an integrated suite of solutions to corporate law departments andlaw firms, and partners with leading software and services providers, both withinand outside thelegalindustry. We are a young company but are made up of seasoned professionalsin the legal industry, witha focus on building productive long-term relationships with employees and clients in an environment wherecollaborationis encouraged,knowledge is shared freely,and diversity of thought, cultures, communities, and points of view is embraced. Our team has the vision to create an effective solution forany business problem andthe experience to execute thatvision. Learn more at www.moraeg.com. Our privacy policy can be found here https://www.morae.com/privacy-policy.