Technical Lead

We are seeking an experienced and technically skilled Senior Technical Lead – Application Security to strengthen our cybersecurity posture. The candidate would be directly reporting to the CISO. The role requires expertise in Application Security comprising of various sub-domains such as Vulnerability Assessments / Penetration Testing, Architecture Reviews, Vendor Risk Management, Source Code Reviews. The Candidate will be responsible for leading high-impact assessments and working across various departments to secure critical digital assets.

Descriptions:

Technical Responsibilities:

• Conduct Vulnerability Assessments and Penetration Testing (Web, Mobile – Android/iOS, APIs).
• Perform Application Security Assessments, Log Reviews, Document Assessments, and Network Monitoring.
• Conduct architecture reviews and security assessments for internal and third-party APIs.
• Perform dark web monitoring to identify potential data leaks, breaches, or brand threats.
• Perform Source Code Reviews (Dynamic and Static)
• Perform Internal Red Teaming Exercises
• Assist the CISO and Infosec Team in conducting Actual Cyber Drills comprising of various different scenarios
• Research and evaluate emerging vulnerabilities, threats, and new tools for departmental use.
• Prepare detailed reports and assist during management submissions and vendor interactions.
• Manage escalations, ensure strong documentation, and adhere to project timelines.
• Additionally, the Candidate would also assist the CISO and Infosec Team with various activities such as – conducting Phishing Simulation Exercises, Review of Master Service Agreements (MSAs) and NDAs of partners from a security standpoint.

Qualifications:

• Bachelor’s degree in computer science, Information Security, or a related field. Master’s Degree or BE would be an additional advantage.
• Strong understanding of secure architecture, API security (REST/SOAP), OWASP (Web & Mobile), and secure coding practices.
• Knowledge of WAFs, DDoS mitigation (e.g., Akamai), and system hardening (e.g., CIS Benchmarks).
• Familiarity with contract review from a security risk and compliance perspective (MSA/NDA).
• The Candidate should be fluent in English should have very good written and oral communication skills.
• Proficient in MS Office tools – Word, Excel, and PowerPoint.

Certifications: (Preferred but not mandatory)

• OSCP, OSWE, CEH (Master), GWAPT, GPEN, or equivalent industry certifications would be an additional advantage.

Experience:

• 10 - 12 years of relevant experience in:
• Conducting VAPT for networks, applications, APIs, and mobile platforms.
• Manual and automated penetration testing.
• API security reviews and architecture security assessments.
• Dark web monitoring and threat detection.
• Working in fintech, payments, or regulated industries (e.g., banking).