Job Title: Staff Engineer - Application Security
We are seeking a highly experienced Principal Engineer in Application Security to join our team. The ideal candidate will play a critical role in ensuring our applications are secure and comply with the Indian Data Protection and Privacy (DPDP) laws. This position requires a deep understanding of application security principles, regulatory compliance, and hands-on technical expertise.
Key Responsibilities:
Application Security Management:
Design, implement, and maintain robust security measures for our applications.
Conduct regular security assessments, penetration testing, and code reviews.
Develop and enforce security policies, standards, and best practices.
Compliance and Governance:
Ensure all applications comply with Indian DPDP laws and other relevant regulations.
Monitor and stay updated with changes in data protection laws and regulations.
Collaborate with legal and compliance teams to address regulatory requirements.
Security Architecture and Engineering:
Architect and design secure software solutions that adhere to industry standards and regulatory requirements.
Implement secure coding practices and provide guidance to development teams.
Evaluate and recommend security tools and technologies to enhance application security.
Incident Response and Risk Management:
Lead incident response activities related to application security breaches.
Perform risk assessments and manage security vulnerabilities.
Develop and execute mitigation strategies to address identified risks.
Leadership and Collaboration:
Provide technical leadership and mentorship to junior security engineers.
Provide domain-specific expertise, overall security leadership, and perspective to cross-organization projects, programs, and activities.
Collaborate with cross-functional teams, including development, IT, and legal, to ensure security and compliance.
Represent the security team in meetings and discussions with senior management.
Required Qualifications:
Education: Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
Experience: At least 10 years of experience in application security with a focus on compliance with data protection laws such as the Indian DPDP.
Technical Skills:
Proficiency in secure coding practices, threat modeling, and security architecture.
Strong knowledge of security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify, Veracode).
Experience with cloud security (AWS, Azure, GCP) and securing containerized environments (Docker, Kubernetes).
Familiarity with regulatory requirements and frameworks (ISO 27001, NIST, GDPR).
Certifications: Relevant security certifications such as CISSP, CSSLP, CEH, or equivalent are highly desirable.
Preferred Qualifications:
Experience in the fintech or healthcare industry where data protection is critical.
Hands-on experience with security automation and DevSecOps practices.
Knowledge of emerging technologies such as AI/ML in the context of security.