Stefanini Group is hiring!
Exciting opportunity awaits; let us help you get started!
Click Apply now or you may call: / email: Manisha Singh () for faster processing!
Position Summary
As a key member of our Internal Product Security Engineering team, you will lead penetration-testing engagements for high-scale web applications and APIs, validating security controls and uncovering exploitable parallel you will conduct structured threat-modeling workshops and security-design reviews for new features and services, managing each engagement from scoping to remediation follow-up in close partnership with engineering and cross-functional stakeholders. The insights you provide will drive prompt fixes and shape the organization's long-term security roadmap.
Key Responsibilities
- Penetration Testing
  - Plan, execute and document manual and tool-assisted tests for enterprise-scale web apps and REST/GraphQL/gRPC APIs.
  - Demonstrate exploitation paths (auth / logic / data exposure) and develop proofs-of-concept.
  - Retest remediations and deliver clear, prioritized reports.
- Threat Modeling & Security Design Review
  - Facilitate formal and informal Threat Modeling using STRIDE-like frameworks or Attack-Tree sessions for new or significantly modified services.
  - Produce risk artefacts, recommend mitigations and track closure of findings.
- Security Engineering & Advocacy
  - Champion secure-by-default patterns (least privilege, IaC hardening, SDL best practices) across the SDLC.
  - Contribute to internal security tooling and CI/CD guardrails.
Requirements:
- Bachelor's degree in Computer Science, Engineering or equivalent practical experience.
- 4 years in product or application security engineering with hands-on web/API penetration-testing work.
- Expertise with a leading pentest platform (Burp Suite Pro, OWASP ZAP, Nuclei, etc.).
- Scripting/automation ability in Python, Go or similar; quick at reading unfamiliar codebases.
- Practical experience with STRIDE or comparable threat-model frameworks.
- Familiarity with cloud-native environments (microservices, Kubernetes, serverless).
- Communication: Exceptional written and verbal skills for both technical and non-technical audiences.
Preferred Qualifications
- Offensive-security certifications (OSCP, OSWE, OSWA, BSCP).
- Secure-coding experience in languages such as Java, C#, Python or Rust.
- Experience in security controls for cloud platforms such as AWS, Azure or Google Cloud.
- Open-source contributions, bug-bounty recognitions or CTF placements.
- Exposure to mobile or desktop application security.
- Knowledge of or interest in AI security controls and testing.
Personal Attributes
- Maintains professionalism under pressure.
- Meticulous eye for detail.
- Self-driven and proactive.
- Thrives on complex challenges.
- Dependable, cooperative team player.
*Listed salary ranges may vary based on experience, qualifications and local market. Also, some positions may include bonuses or other incentives.*
About Stefanini Group
The Stefanini Group is a global provider of offshore, onshore and near shore outsourcing, IT digital consulting, systems integration, application and strategic staffing services to Fortune 1000 enterprises around the world. Our presence is in countries like the Americas, Europe, Africa and Asia, and more than 400 clients across a broad spectrum of markets, including financial services, manufacturing, telecommunications, chemical services, technology, public sector and utilities. Stefanini is a CMM Level 5 IT consulting company with global presence. We are a CMM Level 5 company.
Required Experience:
IC