Cyber Security • Mumbai • Onsite • Full Time
Application Security Engineer (1-3+ years of experience)
We're looking for specific talent to join our mission.
About the Role
We are looking for an Application Security Engineer (L1) to join our security team. This is an entry-level position requiring at least 1 year of hands-on experience in application security testing. You will work on identifying and reporting vulnerabilities across web, mobile, API, and thick client applications while collaborating with senior engineers to improve application security.
Responsibilities
• Perform vulnerability assessments and penetration tests for web, mobile, API, and thick client applications.
• Identify and document application flaws, misconfigurations, and business logic issues.
• Assist in providing remediation guidance to developers and stakeholders.
• Prepare security testing reports and maintain accurate documentation.
• Stay updated with evolving security threats, tools, and methodologies.
Required Skills
• Good understanding of OWASP Top 10 and common application vulnerabilities.
• Knowledge of security testing tools such as Burp Suite, OWASP ZAP, Postman, or MobSF.
• Familiarity with secure coding principles and application architectures.
• Basic programming/scripting knowledge (Python, Java, JavaScript, or C#).
• Strong problem-solving and analytical mindset.
Preferred Qualifications
• Bachelor’s degree in Computer Science, Information Security, or related field.
• Hands-on experience with Capture the Flag (CTF) challenges, bug bounty programs, or security labs.
Requirements
• In-depth expertise with OWASP Top 10, API Security Top 10, and mobile security standards (OWASP MSTG).
• Advanced knowledge of tools like Burp Suite Pro, Frida, Drozer, Objection, Postman, and SQLMap.
• Strong technical understanding of authentication, API security, session management, and cryptographic practices.
• Experience with cloud security concepts (AWS, Azure, GCP) in relation to application hosting.
• Scripting and automation skills in Python, Bash, or PowerShell.
• Excellent communication for both technical and executive-level reporting.
Certifications (Mandatory)
• At least one recognized security certification such as CEH, GPEN, or CRTP is mandatory. OSCP, OSCE, CRTO, etc. are preferred.