Security Engineer

Job Title: Product / Application Security Engineer

Location: Bengaluru, India (On-Site)

Department: Product Security / Engineering

About The Role

Aptean is seeking a dedicated Product/Application Security Engineer to play a crucial role in designing, building, and maintaining secure applications across its product portfolio. This role involves close collaboration with development, architecture, and DevOps teams to embed security throughout the Software Development Life Cycle (SDLC). The position requires a blend of offensive and defensive security expertise, including hands-on experience in secure design, code review, threat modeling, penetration testing, and vulnerability remediation, ensuring security is a foundational element from concept to deployment.

Key Responsibilities

• Conduct comprehensive application security assessments, including manual and automated testing across web, API, infrastructure, and mobile platforms.
• Partner with developers and architects to integrate robust security controls and best practices into CI/CD pipelines.
• Perform secure code reviews, threat modeling, and design reviews for both new and existing product offerings.
• Develop and manage security automation using tools such as Burp Suite, ZAP, Trivy, Snyk, SonarQube, or custom scripting.
• Contribute to DevSecOps initiatives by integrating static, dynamic, and dependency scanning into build pipelines.
• Collaborate with Product and Engineering teams to effectively triage and remediate vulnerabilities identified through penetration tests, bug bounty programs, or customer reports.
• Provide support for basic security reviews of AI-integrated features, focusing on API access controls and inference endpoint protection.
• Assist in investigating prompt injection or model abuse scenarios within LLM-driven applications, where applicable.

Required Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• 2-4 years of practical experience in application or product security and penetration testing.
• A strong understanding of OWASP Top 10, SANS CWE-25, and contemporary web/mobile security practices.
• Familiarity with SDLC, CI/CD concepts, and tools like GitHub Actions.
• Working knowledge of cloud security principles (AWS, GCP, Azure) and containerized environments (Docker, Kubernetes).
• Proficiency in using security testing tools such as Burp Suite, ZAP, Nmap, SonarQube, Veracode, or Checkmarx.

Preferred Skills

• Familiarity with threat modeling frameworks including STRIDE, PASTA, and LINDDUN.
• Experience in developing security automation within CI/CD environments.
• Relevant certifications such as OSWE or CEH are beneficial but not mandatory.
• Excellent communication and documentation skills, with the ability to articulate technical risks in terms of business impact.

What's in it for you

Aptean offers competitive compensation and comprehensive benefits. Join a fast-paced, flexible, and casual work environment with excellent opportunities for career development and growth.