Application Security Engineer

Role - Application Security Engineer

Experience - 4-7 yrs

Location - Bangalore

Qualifications & Experience

%CF; Education: Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or equivalent practical experience.

%CF; Experience: 3–5+ years in application security, product security, or penetration testing with strong hands-on skills.

%CF; Technical Testing: Demonstrated experience in web application and API security testing; mobile security experience is strongly preferred.

%CF; Tooling: Proficiency with at least two of the following: Accunetix, Burp Suite, OWASP ZAP SonarQube (or other SAST tools), dependency scanning, or secrets scanning

tools.

Technical Knowledge & Skills

%CF; Deep understanding of OWASP Top 10 and API security risks (BOLA/IDOR, mass assignment, rate-limit abuse).

%CF; Strong grasp of authentication and authorization models, including JWT, OIDC, and session handling.

%CF; Working knowledge of DevSecOps practices and embedding security testing into CI workflows (GitHub Actions).

%CF; Ability to build reproducible proofs and utilize scripting (Python/Node) for light automation.

%CF; Familiarity with Cloudflare WAF/API Shield and API gateway architectures (Kong/AWS API Gateway) is a plus.