Senior Application Security Engineer

Location

Ahmedabad

Experience

5 \- 10 Years

Job Code

EDNES052608

Education Qualification

Master Degree \- Marketing

###### **Job Briefing**

EvinceDev (Evince Development) is looking for Talented candidates as per the requirements described here.

Following are the Brief points of the Job requirements

• Lead application security initiatives across web, mobile, API, and cloud platforms.
• Perform manual penetration testing and vulnerability assessments.
• Identify vulnerabilities such as IDOR, Broken Authentication, Injection, Security Misconfigurations, and related OWASP Top 10 risks.
• Collaborate closely with engineering teams for vulnerability remediation and secure coding implementation.
• Define and maintain security policies, security runbooks, and incident response procedures.
• Conduct threat modelling and security reviews for new product features and releases.
• Manage external security assessments and penetration testing engagements.
• Monitor cloud infrastructure security across AWS, Azure, or GCP environments.
• Ensure alignment with compliance standards such as PCI\-DSS and privacy/security best practices.
• Build and maintain secure CI/CD security pipelines using SAST, DAST, dependency scanning, and secret detection.
• Drive organization\-wide security awareness and engineering collaboration.
• Participate in security architecture reviews and provide secure design recommendations.

###### **Must Have Skills**

• 5\+ years of experience in Application Security, Penetration Testing, or Security Engineering. Strong hands\-on experience in manual application security testing
• Expertise in identifying OWASP Top 10 vulnerabilities across APIs and web applications. Strong understanding of REST APIs, authentication mechanisms, authorization flows, and secure session handling
• Hands\-on experience with Burp Suite Pro, OWASP ZAP, or equivalent security testing tools. Strong knowledge of secure coding practices and vulnerability remediation
• Ability to read and understand application code in technologies such as Node.js, Python, PHP, or React Native.
• Experience with Linux environments and command\-line security tooling. Understanding of CI/CD security practices and DevSecOps concepts
• Ability to work independently and own security initiatives from planning to execution

###### **Primary Skills**

• Application Security Testing
• API Security Testing
• Penetration Testing
• OWASP Top 10 Security Standards
• Burp Suite Pro / OWASP ZAP
• Secure SDLC Practices
• SAST / DAST Implementation
• Vulnerability Assessment \& Remediation
• Cloud Security (AWS / Azure / GCP)
• CI/CD Security Integration
• Secure Authentication \& Authorization
• Linux Security Tooling

###### **Good To Have**

• OSCP (Offensive Security Certified Professional)
• CEH, PNPT, OSWE, CRTE, or equivalent certifications
• Mobile Application Security experience (iOS / Android)
• Experience with Frida, Objection, or mobile binary analysis tools
• Experience in Bug Bounty platforms such as HackerOne or Bugcrowd
• Exposure to PCI\-DSS or payment security practices
• Experience building security functions in startups or product organizations
• Familiarity with DevSecOps tooling and infrastructure security automation
• Knowledge of privacy and compliance frameworks
• Exposure to container security and Kubernetes security practices

• *To apply on this role kindly send email on** **hr@evincedev.com**