Application Security Engineer II

MediBuddy


Job Location: Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

We are looking for a mid-to-senior level Application Security Engineer to own the security posture of our web, mobile, and AI-driven ecosystems. You are expected to operate with high autonomy, moving beyond simple checklist-based testing to proactive threat modeling and automated defense. You will collaborate with engineering teams to ensure our rapid deployment cycle remains secure by design.

Key Responsibilities:

1. Advanced Application Security & Pentesting
Conduct deep-dive manual and automated penetration testing on Web, Mobile (iOS/Android), and API layers.
Master the OWASP Top 10 and SANS 25 frameworks to identify and remediate complex logic flaws.
Perform manual code reviews for high-risk features in and Python.

2. Cloud & Infrastructure (AWS Focus)
Audit and harden AWS environments, focusing on IAM least-privilege policies and VPC security.
Secure serverless architectures (Lambda) and containerized workloads (Kubernetes/Docker).
Implement and monitor AWS security services like GuardDuty, Security Hub, and Inspector.

3. Emerging Tech: AI & Low-Code Security
AI Agents: Conduct security assessments for LLM-based features, protecting against prompt injection, data leakage, and insecure output handling (OWASP for LLMs).
Low-Code/No-Code: Establish governance and security reviews for internal tools (e.g. Retool, Zapier) to prevent unauthorized data exposure.
API Integrity: Secure the machine-to-machine communication between our AI agents and core healthcare microservices.

4. DevSecOps & Automation
Integrate and manage SAST, DAST, and SCA tools (Snyk, Burp Suite, SonarQube) directly into the CI/CD pipeline.
Build custom automation scripts (Python/Go) to detect secrets in code or misconfigured cloud assets in real-time.

Qualifications & Skills

1) Minimum Requirements
Experience: 4-5 years in Application Security or Penetration Testing.
Education: in Computer Science or a related technical field.
Certifications: OSCP, eWPT, or GWAPT (preferred); CEH (minimum).
Tooling: Expertise in Burp Suite Professional, Metasploit, Postman, and Cloud-native security tools.

2) Technical Proficiencies
Languages: Ability to read/write Python and for exploit development and script
automation.
Standards: Deep knowledge of OAuth2, JWT, TLS/SSL, and Cryptographic standards.
Cloud: Hands-on experience with Terraform/IaC security scanning.

3) Soft Skills
The Security Partner Mindset: Ability to explain complex vulnerabilities to SDEs in a
way that encourages remediation rather than friction.
Analytical Thinking: The ability to think like a hacker while providing builder-centric
solutions.

MediBuddy Introduction:
MediBuddy is India's largest on-demand, full-stack digital healthcare platform that helps patients access multiple healthcare services. It gives users 24x7 access to high-quality healthcare at their fingertips. MediBuddy helps its users consult specialist doctors, order medicines, and book lab tests from the comfort of their homes. It is also a partner to several leading corporate customers in the country and helps their employees access multiple healthcare benefits. MediBuddy users have access to online doctor consultations, wellness, preventive care services, fitness, and hospitalization offered by its pan-India network of healthcare providers with its unparalleled reach.

It also provides its customers hassle-free, end-to-end surgery care through a Care Buddy, right from connecting them to the right surgeon to post-operative recovery care. MediBuddy's surgery care provides specialized treatment in several other departments like Proctology, Ophthalmology, Vascular, ENT, Orthopaedics, Urology, Gynaecology, and more. With full-stack Surgery Care management services, MediBuddy assures customers an array of solutions for every medical, financing, insurance, and recovery need of its customers undergoing surgery.

The digital healthcare platform has a partner network of 90000 doctors, 7100 hospitals and clinics, 4000 diagnostic centers, and 2500 pharmacies, along with a team size of 2200 members. It has created an integrated healthcare ecosystem that offers patients seamless access anytime and anywhere in 10 minutes. With its healthcare services available in 16 Indian languages to enable customer-friendly consultation, MediBuddy is bridging the Urban-Rural quality healthcare divide. MediBuddy offers online and offline doctor consultations, medicine delivery, lab tests at home, mental health consultations, and surgery care, among other healthcare services.


Required Experience:

IC


Key Skills

  • Children Activity
  • EAM
  • Engineering Support
  • Maintenance Engineering
  • Accident Investigation
  • Branding

About Company

MediBuddy is one of the best (cashless) healthcare providers in India. At MediBuddy you can book Health check packages, online lab tests, online medicines, online doctor consultation, teleconsultation, dental consultation and many more. You can also book outpatient, inpatient, and wel ...