Experience: 4+ Years
Job Location: Ghansoli, Mumbai
Job Description
We are seeking an experienced Application Security / Product Security Engineer to help secure
our applications and products throughout the software development lifecycle. The ideal
candidate will have strong knowledge of cloud-based architectures, application security best
practices, and secure SDLC, along with hands-on experience performing security design
reviews and application testing across web, API, mobile, and thick client applications. This role
requires close collaboration with engineering, architecture, DevOps, and product teams to
identify security risks early and ensure secure product development.
Key Responsibilities
Integrate security practices into the Software Development Lifecycle (SDLC).
Perform application security design reviews for new and existing products.
Conduct manual and automated security testing of:
o Web applications
o REST / GraphQL APIs
o Mobile applications (Android / iOS)
o Thick client / desktop applications
Identify vulnerabilities such as those in the OWASP Top 10, authentication issues,
authorization flaws, and API security risks.
Review cloud architecture and deployments (AWS, Azure, GCP) for security best
practices.
Work with development teams to prioritize and remediate vulnerabilities.
Perform threat modeling and security architecture assessments.
Track vulnerabilities, remediation status, and risk metrics using Excel or vulnerability
management tools.
Support secure coding practices and developer security awareness.
Manage multiple security assessments and coordinate tasks across teams.
Provide reports and dashboards for management regarding security posture.
Required Skills & Qualifications
Strong understanding of Application Security and Product Security principles.
Experience with secure SDLC practices.
Hands-on experience performing security testing for:
o Web applications
o APIs
o Mobile apps
o Thick client applications
Knowledge of cloud platforms (AWS / Azure / GCP) and cloud security architecture.
Experience performing security design reviews and threat modeling.
Familiarity with OWASP Top 10, API Security Top 10, and common vulnerability
classes.
Experience using security tools such as:
o SAST
o DAST
o SCA
o API testing tools
Good working knowledge of Excel for tracking vulnerabilities, metrics, and reporting.
Strong task management and stakeholder coordination skills.
Ability to work with engineering and product teams to drive security remediation.
Preferred Qualifications
Certifications such as:
o CEH
o OSCP
o GWAPT
o CSSLP
o CISSP
Experience with DevSecOps pipelines and CI/CD security integration and
architecture design principles.
Experience with container and Kubernetes security and cloud security.
Soft Skills
Strong communication and collaboration skills
Ability to manage multiple projects and stakeholders
Analytical thinking and problem-solving ability
Strong documentation and reporting skills