Skip to main content
Posted 10 June, 2026

Application Security Engineer

Inovalon
Hyderabad, India Full Time
Reference: 102_699564_7739936003

Role Overview

We are seeking a Staff Software Engineer with a strong focus on application security to serve as a technical leader responsible for embedding security across the design, development, and operation of our cloudnative SaaS platforms. This role plays a critical part in establishing secure coding standards, and ensuring that security risks, requirements, and controls are effectively implemented, tested, and validated throughout the product lifecycle.

The ideal candidate has handson experience securing SaaS applications operating under HIPAA and PCI compliance requirements, and acts as a trusted partner to Engineering, Architecture, Quality Engineering, DevSecOps, and Compliance teams. This is not a policyonly or auditonly role-the Staff Engineer is expected to lead through technical depth, influence, and handson contribution.

Key Responsibilities

Secure Software Engineering & Technical Leadership

  • Act as a security engineering subject matter expert across multiple teams or services.
  • Establish, document, and evolve secure coding standards, patterns, and best practices for SaaS applications.
  • Lead and participate in secure design and code reviews, identifying security flaws, architectural risks, and improper patterns early.
  • Collaborate with engineers to remediate vulnerabilities in a maintainable and scalable manner.
  • Ensure security considerations are balanced with performance, reliability, and developer productivity.

Risk & Architecture Security

  • Identify assets, trust boundaries, attack surfaces, and data flows-including PHI and payment data.
  • Define, track, and manage security risks, mitigations, and accepted residual risks as engineering artifacts.

Security Requirements & Controls

  • Translate threats and regulatory obligations into clear, actionable, testable security requirements.
  • Ensure security requirements are incorporated into:
    • Architecture decisions
    • Product backlogs
    • Acceptance criteria and definitions of done
  • Define and validate security controls for:
    • Authentication and authorization
    • Encryption and key management
    • Secure session management
    • Protection of PHI and cardholder data

SaaS, Compliance & Regulated Environments

  • Provide security engineering leadership for SaaS applications subject to HIPAA and PCI DSS requirements.
  • Partner with Compliance, Risk, and Audit teams to ensure engineering designs and implementations support regulatory obligations without excessive friction.
  • Ensure compliance requirements are addressed through engineering controls and testable validation, not manual processes alone.

Testing, Validation & Secure SDLC

  • Partner with Quality Engineering and DevSecOps to validate security controls using:
    • Secure code analysis
    • Threatdriven test scenarios
    • Security regression testing
  • Verify that mitigations identified through threat modeling are correctly implemented and effective prior to release.
  • Support penetration testing, security assessments, and remediation efforts, ensuring findings are resolved sustainably.

Collaboration & Influence

  • Influence security posture across teams through technical leadership, not enforcement.
  • Coach engineers on secure design patterns and common security pitfalls.
  • Serve as a key technical contributor during incident response, rootcause analysis, and security retrospectives.

Required Qualifications

  • 6+ years of experience as a Software Engineer, with strong emphasis on application security.
  • Proven experience securing cloudnative SaaS applications.
  • Handson experience establishing or enforcing secure coding standards.
  • Strong understanding of:
    • Authentication and authorization failures
    • Secure session management
    • Injection and input validation risks
    • Encryption, key management, and data protection
  • Experience working in Agile development environments.

Required Domain Experience

  • Experience supporting HIPAAregulated systems, including protection of PHI.
  • Experience working with or supporting PCI DSSscoped applications and payment data flows.
  • Understanding of how compliance requirements translate into practical engineering controls.

Preferred Certifications

One or more of the following are strongly preferred:

  • CSSLP - Certified Secure Software Lifecycle Professional
  • Cloud security certifications (GCP or equivalent security specialization)
  • Applicationsecurityfocused certifications (e.g., GWAPT, GWEB)

Apply to this Job

Sign up for Job Alerts

By clicking Create Alert, you agree to the Global Terms of Use Agreement and acknowledge that you have read and understand the Global Privacy Policy.