Application Security Engineer

Application Security Engineer Department: Global Analytics and Technology Employment Type: Permanent - Full Time Location: India Description Job location: Remote About the role: In this role, you will own the end-to-end security posture of our product platform — spanning mobile applications, REST APIs, microservices, cloud infrastructure, and third-party integrations. You will be involved into the product and engineering lifecycle early, shaping secure design decisions before code is written, and validating them through rigorous assessment. This is a hands-on, deeply technical role where you will both break and help build. What you will be expected to do Own Application security responsibility for assigned business functions by performing threat modeling, architecture reviews, penetration testing, secure coding programs, and vulnerability management. Perform manual penetration testing and vulnerability assessments on web applications, APIs, and android mobile applications Perform security reviews for AI‑native products, models, pipelines, and inference services. Onboard applications into the SSDLC program and be a security point of contact for the application product. Own security incident response for product-layer issues, define remediation plans, and track fixes through to closure Integrate and tune SAST/DAST/IAST/SCA tools in CI/CD, create custom rules where needed and actively triage false positives. Review and harden cloud infrastructure — Kubernetes RBAC, pod security, network policies, Istio service mesh, Keycloak/OIDC configurations, and IAM across AWS, DigitalOcean, GCP, and Firebase Communicate vulnerabilities and risk clearly to developers, product managers, and leadership — in language that drives actionable results Conduct Application security trainings for engineers, product managers etc You might be a strong candidate if you have/are Experience 2–4 years of hands-on application security experience, ideally in product‑based or SaaS companies working directly with engineering teams. Solid understanding of OWASP Top 10, API Security Top 10, and common authorization flaws including BOLA, BFLA, and privilege escalation Familiarity with security compliance and data privacy frameworks relevant to fintech (SOC 2, PCI-DSS, GDPR, DPDP or similar) is an advantage Technical Skills Perform manually testing web apps, APIs, and Android apps, manual code reviews (beyond just running tools). Familiarity with OAuth2, OIDC, JWT, and typical misconfigurations in providers such as Keycloak and Firebase. Experience integrating and tuning SAST/DAST (and optionally SCA/IAST) tools within CI/CD pipelines. Exposure to cloud‑native security: Kubernetes, containers, service mesh (Istio mTLS and policies), and IAM concepts across at least one major cloud provider. Experience with Cloudflare WAF, perimeter security scanning, and/or red‑team testing is a plus. AI and LLM security (strong plus) Familiarity with AI/LLM security risks (e.g., OWASP LLM Top 10). Practical experience implementing guardrails, prompt validation, output filtering, or other safety controls in production AI features, or assessing insecure use of third‑party AI APIs. Automation and tooling Ability to script/automate (e.g., Python, Bash) to streamline testing, data collection, and reporting. Interest in or experience with building AI based security tools that improve coverage or reduce manual toil. Passion for security Keep abreast of the latest security vulnerabilities and security trends Work in a low supervision environment with high accountability

Qualifications

Bachelor's degree in Computer Science, Cyber Security is preferred At least 2 years of experience in the Application security domain. Security certification such as OSCP, OSWE, GWAPT, GPEN, CRTP is preferred; active bug bounty participation is a strong plus Outstanding communication and interpersonal skills, with the ability to engage effectively with diverse stakeholders. What Sun King offers Professional growth in a dynamic, rapidly expanding, high-social-impact industry An open-minded, collaborative culture made up of enthusiastic colleagues who are driven by the challenge of innovation towards profound impact on people and the planet. A truly multicultural experience: you will have the chance to work with and learn from people from different geographies, nationalities, and backgrounds. Structured, tailored learning and development programs that help you become a better leader, manager, and professional through the Sun King Center for Leadership.