Job Description: Application Security Engineer (4–5 Years Experience)
Location: Pune
Department: Information Security
Experience: 4–5 Years
Company: Bajaj Auto Credit Ltd.
Role Overview
We are seeking a skilled and proactive Application Security Engineer to strengthen the security posture of our applications and digital platforms. The candidate will be responsible for integrating security throughout the Software Development Life Cycle (SDLC), conducting application security assessments, managing vulnerability remediation, and collaborating with development, DevOps, cloud, and infrastructure teams.
The ideal candidate should have hands-on experience in secure code reviews, application security testing, DevSecOps implementation, and BFSI/NBFC regulatory requirements.
Key Responsibilities
Application Security Assessment
- Perform Secure Code Reviews (SAST) for web, mobile, APIs, and backend applications.
- Conduct Dynamic Application Security Testing (DAST), API Security Testing, and vulnerability assessments.
- Review application architecture and design from a security perspective.
- Validate security controls during application development and deployment.
- Perform threat modelling and identify security risks in application designs.
DevSecOps & Secure SDLC
- Integrate security controls into CI/CD pipelines.
- Implement and manage DevSecOps tools for automated security testing.
- Establish security gates for application releases.
- Drive Secure SDLC practices across development teams.
- Develop security standards, coding guidelines, and best practices.
Vulnerability Management
- Identify, prioritize, and track remediation of application vulnerabilities.
- Validate fixes and perform retesting activities.
- Manage risk acceptance and exception processes.
- Monitor vulnerability trends and report metrics to management.
Cloud & API Security
- Assess cloud-native applications deployed on AWS, Azure, or GCP.
- Review API security controls and conduct API penetration testing.
- Validate authentication, authorization, encryption, and session management mechanisms.
- Ensure compliance with OWASP API Security Top 10 controls.
Governance & Compliance
- Support compliance requirements related to:
- RBI Guidelines
- ISO 27001 & ISO 42001
- CERT-In directives
- Digital Personal Data Protection (DPDP) Act
- Participate in internal and external security audits.
Security Awareness & Consultation
- Provide security consultation to development teams.
- Conduct secure coding awareness sessions.
- Assist developers in vulnerability remediation and security design reviews.
Technical Skills Required
Application Security
- Strong understanding of:
- OWASP Top 10
- OWASP ASVS
- OWASP API Security Top 10
- MITRE ATT&CK Framework
- CWE/SANS Top 25
Security Testing Tools
Hands-on experience with:
- Burp Suite Professional
- SonarQube Security
- Contrast Security
- Snyk
- Acunetix
- Nessus
- Nuclei
- Postman
DevSecOps
Experience with:
- Jenkins
- GitHub Actions
- GitLab CI/CD
- Azure DevOps
- Docker
- Kubernetes
- Terraform
Programming Knowledge
Understanding of:
- Java
- .NET
- Python
- Node.js
- JavaScript
- React
- Spring Boot
Ability to review source code and identify security flaws.
Cloud Security
Working knowledge of:
- Azure Security Services
- Container Security
- Secrets Management
- IAM Controls
NBFC/BFSI Domain Experience (Mandatory)
- Experience working in Banking, NBFC, FinTech, Insurance, Payment Gateway, or Financial Services environments.
- Understanding of:
- Digital Lending Platforms
- Payment Systems
- Mobile Banking Applications
- Internet Banking Applications
- Customer KYC Platforms
- Financial APIs and Open Banking
Desired Skills & Qualifications
- Bachelor’s degree in computer science, IT, Cyber Security, or related field.
- 4–5 years of hands-on experience in application Security, Vulnerability Management & Incident Management.
- Strong analytical and problem-solving skills.
- Excellent communication and stakeholder management abilities.
- Experience working with Agile and DevOps teams.
- Ability to manage multiple application security assessments simultaneously.
- Experience handling third-party security assessments and penetration testing engagements.
- Relevant certifications preferred:
- CEH
- GWAPT
- OSWE
- CSSLP
- Security+
- AWS Security Specialty
- Azure Security Engineer Associate
Key Performance Indicators (KPIs)
- Vulnerability remediation SLA compliance.
- Reduction in recurring security vulnerabilities.
- Percentage of applications onboarded to Secure SDLC.
- Security testing coverage across applications.
- DevSecOps automation adoption rate.
- Compliance audit observations related to application security.
- Mean Time to Remediate (MTTR) application vulnerabilities.
Nice to Have
- Experience in AI/ML Application Security.
- Experience with GenAI security controls and OWASP LLM Top 10.
- Mobile application security testing (Android/iOS).
- Red Team or Penetration Testing experience.
- Experience with bug bounty program management.
Bottom of Form