Application Security Engineer 1

About Us

Exotel is a leading provider of AI transformation solutions for enterprise customer engagement and experience. With over 20 billion annual conversations across omnichannel voice agents and bots Exotel is trusted by 7000 clients worldwide spanning industries such as BFSI Logistics Consumer Durables E-commerce Healthcare and Education. Customer expectations are evolving rapidly and businesses face the challenge of balancing revenue growth cost optimisation and exceptional CX. Exotel steps in as the transformative partner delivering AI-powered communication solutions that address all three enabling businesses to engage smarter faster and better.

About the Role

As an Application Security Engineer you will get to work on the security of our apps/services - Web Mobile and API-based at Scale. Implementing granular security controls at various points of the Secure Software Development Lifecycle.
The Goal is to build Seamless Security. We want you to redefine how developers view security eliminating friction and improving Security natively.

You will work closely with other Security functions DevOps Security Lead and Developers and QA to build highly reliable and secure products.

Responsibilities

• Experience in 1 or more of the following areas

• API Security

• Web Application Security

• Mobile Application Security

• Penetration Testing experience

• Hands on with Python/Shell Scripting for Vulnerability Identification and Remediation

• Work with developers on Vulnerability prioritization for SCA(Software Composition Analysis) vulnerabilities based on EPSSCISA KEV.

• Work on Custom SAST DAST and other Security tools in the lifecycle. Work on findings evaluation prioritization and fix/mitigate.

• Contribute to the Security Champions program training modules.

• Work on Security Incidents for Applications/Services across the ecosystem.

Requirements

• Overall 1-2 years of relevant experience

• Bachelors degree in Computer Science or a related technical discipline or equivalent practical experience.

• Understanding of security frameworks and standards like OWASP & NIST Solid understanding of security protocols cryptography authentication authorization. Prior Experience in solving any of OWASP Top 10 highly desirable.

• Good understanding of Linux and Windows OS TCP/IP protocol stack and networking fundamentals and security principles at all layers of the OSI stack

• Experience with API security network security cryptography PKI certificate management

• Knowledge and experience in web application security testing vulnerability assessment penetration testing and generating reports using tools like Burp Suite Paros AppScan Wireshark Nmap and Nessus.

• Advanced Expertise in at least one language Shell scripting/Python/Go/NodeJS