Application Security Engineer / Secure Code Remediation Engineer
Role: Application Security Engineer / Secure Code Remediation Engineer
· Type : Permanent / Direct Placement
· Salary: INR 23 Lakhs
· Exp: 5 + years
· Number of openings : 3
· Work Mode: Work from Office
· Notice Period: Immediate to 2 Weeks
Job Summary
We are looking for a hands-on Application Security Engineer with strong experience in Java, Spring Boot, and secure coding practices.
The candidate will be responsible for identifying, analyzing, and fixing security vulnerabilities in Java and JavaScript applications. The role involves working closely with development, DevOps, and cloud teams to improve application security and support DevSecOps initiatives.
Key Responsibilities
Secure Code Review & Vulnerability Fixing
- Review Java and JavaScript application code for security issues
- Identify and fix application vulnerabilities
- Perform root cause analysis for reported security findings
- Ensure applications follow secure coding standards and OWASP guidelines
Common Vulnerabilities to Handle
- SQL Injection
- Cross-Site Scripting (XSS)
- CSRF
- IDOR
- Authentication & Authorization issues
- Sensitive data exposure
- Insecure deserialization
Java & Spring Security
Work on securing applications developed using:
- Java
- Spring Boot
- Spring MVC
- Spring Security
Responsibilities include:
- Fixing insecure configurations
- Securing authentication and session management
- Resolving dependency-related vulnerabilities
- Improving API security
Security Tools & Scanning
Use security tools to identify and remediate vulnerabilities:
- Snyk
- Qualys
- SAST / DAST tools
- Dependency scanners
Responsibilities include:
- Analyzing scan reports
- Fixing identified issues
- Re-running scans to validate remediation
Third-Party & Open-Source Security
- Identify vulnerabilities in open-source libraries and dependencies
- Upgrade or replace vulnerable packages
- Track CVEs and security advisories
- Ensure secure dependency management
Cloud & DevSecOps Security
Support security improvements for applications hosted on:
- AWS
- Azure
- GCP
Responsibilities include:
- IAM policy review
- Secrets management
- API security improvements
- CI/CD security support
- Working with DevOps teams for secure deployments
Front-End / JavaScript Security
- Fix vulnerabilities in JavaScript applications and npm packages
- Improve client-side security
- Ensure secure API integrations and data handling
Required Skills
Mandatory Technical Skills
- Strong experience in Java
- Hands-on experience with Spring Boot, Spring MVC, and Spring Security
- Good understanding of OWASP Top 10 vulnerabilities
- Experience in secure coding and vulnerability remediation
- Knowledge of DevSecOps concepts
- Experience using security scanning tools like:
- Snyk
- Qualys
- SAST / DAST tools
Additional Preferred Skills
- Cloud security knowledge (AWS / Azure / GCP)
- API security understanding
- CI/CD security integration
- Experience with microservices architecture
Preferred Certifications
Any of the below certifications will be an added advantage:
- CEH
- CSSLP
- OSCP
- AWS Security Specialty
Preferred Candidate Profile
We are looking for candidates with experience in:
- Application Security
- Secure Code Review
- Vulnerability Remediation
- DevSecOps Security
- Java Security Engineering
Suitable Job Titles
- Application Security Engineer
- AppSec Engineer
- Secure Code Review Engineer
- Secure Code Remediation Engineer
- DevSecOps Security Engineer
- Java Security Engineer
- Product Security Engineer
Work Location
Hyderabad
