Exotel is a leading provider of AI transformation solutions for enterprise customer engagement and experience. With over 20 billion annual conversations across omnichannel voice agents and bots, Exotel is trusted by 7000 clients worldwide, spanning industries such as BFSI, Logistics, Consumer Durables, E-commerce, Healthcare and Education. Customer expectations are evolving rapidly, and businesses face the challenge of balancing revenue growth, cost optimisation and exceptional CX. Exotel steps in as the transformative partner, delivering AI-powered communication solutions that address all three, enabling businesses to engage smarter, faster and better.
As our Application Security Engineer, you will get to work on the security of our apps/services (Web, Mobile and API-based) at scale, implementing granular security controls at various points of the Secure Software Development Lifecycle.
The goal is to build Seamless Security. We want you to redefine how developers view security, eliminating friction and improving security natively.
You will work closely with other Security functions, Infra Architects and Developers to build highly reliable and secure products.
Responsibilities
Threat modeling experience for any Web/Mobile/API Application/Service; prior experience of 1-2 years is desirable.
Expertise in one or more of the following areas:
API Security
Web Application Security
Mobile Application Security
Assist the Application Security Lead in Secure by Design reference architectures for Developer adoption - Secure Architecture frameworks.
Build the SCA (Software Composition Analysis) map for all third-party dependency usage at scale and prioritize vulnerabilities based on EPSS, CISA KEV.
Vulnerability identification and remediation, with a focus on vulnerability prioritization using EPSS, CISA KEV.
Build a robust SSDLC pipeline and envision a frictionless experience for Developers in the lifecycle, including but not limited to SAST, DAST and other security tools in the lifecycle.
Work on findings evaluation, prioritization and fix/mitigate at scale.
Implement the Data Security standard and work with Engineering on sensitive data leakage.
Work on providing proactive security best practice evaluation and enforcement for third-party applications (COTS - Commercial-Off-the-Shelf).
Contribute to the Security Champions program training modules.
Work with Cloud Security to improve Web App Firewall (WAF) fine-tuning for applications/services in use at Exotel.
Work on Security Incidents for Applications/Services across the ecosystem.
Requirements
Overall 5-7 years of relevant experience
Bachelor's degree in Computer Science or a related technical discipline, or equivalent practical experience.
Understanding of security frameworks and standards like OWASP & NIST. Solid understanding of security protocols, cryptography, authentication, authorization. Prior experience in solving any of OWASP Top 10 highly desirable.
Good understanding of Linux and Windows OS, TCP/IP protocol stack and networking fundamentals, and security principles at all layers of the OSI stack.
Experience with API security, network security, cryptography, PKI, certificate management.
Experience in CI/CD tools, including Git, Jenkins, Ansible or similar.
Knowledge and experience in web application security testing, vulnerability assessment, penetration testing and generating reports using tools like Burp Suite, Paros, AppScan, Wireshark, Nmap and Nessus.
Advanced expertise in at least one language: Shell scripting/Python/Go/NodeJS.