Security Engineer

LeadSquared
Software Engineering

Bengaluru, Karnataka, India

Posted on Jun 16, 2026

Designation: Application Security Engineer

Office Location

Cessna Business Park, Bangalore

Work Mode: 4 Days Work From Office (WFO)

Position Description

The Application Security Engineer will be responsible for securing LeadSquared's SaaS products and infrastructure by conducting security assessments, performing code reviews, managing vulnerabilities, and embedding security practices across the software development lifecycle.

This role sits at the intersection of engineering and security, requiring strong technical expertise along with the ability to collaborate effectively with cross-functional teams.

Primary Responsibilities

  • Conduct application security assessments across web, API, and mobile platforms.
  • Perform secure code reviews to identify and remediate vulnerabilities early in the SDLC.
  • Carry out cloud security assessments for SaaS infrastructure and services (AWS/Azure).
  • Manage the vulnerability lifecycle end-to-end—from discovery through resolution and closure.
  • Deliver security training and awareness sessions to internal engineering and product teams.
  • Develop internal tools and frameworks to support security automation and engineering initiatives.

Additional Responsibilities

  • Integrate security testing into CI/CD pipelines in alignment with DevSecOps practices.
  • Support compliance-related assessments and audits (ISO 27001, HIPAA).
  • Assist in threat modeling exercises and risk assessments for new product features.
  • Contribute to the documentation of security standards, guidelines, and best practices.

Required Work Experience

Industry

  • SaaS / Software Product / IT

Relevant Experience

  • Application Security
  • Product Security
  • Penetration Testing

Years of Experience

  • 1–3 years of experience in Product/Application Security.
  • Minimum 1 year of hands-on software development experience preferred.

Key Performance Indicators (KPIs)

  • Number and severity of vulnerabilities identified and remediated per quarter.
  • Coverage of applications assessed (Web, API, and Mobile).
  • Time-to-resolution for Critical and High severity vulnerabilities.
  • Security training sessions delivered and participation rates.
  • Automation frameworks built and integrated into CI/CD pipelines.

Required Competencies

  • Strong analytical thinking with a security-first mindset.
  • Ability to collaborate effectively with engineering and product teams.
  • Self-driven with the ability to manage multiple assessments simultaneously.
  • Strong documentation and communication skills for both technical and non-technical audiences.

Required Knowledge

  • OWASP Top 10, SANS CWE, and common vulnerability frameworks.
  • Cryptography, authentication mechanisms, and risk assessment principles.
  • Cloud security best practices on AWS and/or Azure.
  • Compliance standards such as ISO 27001 and HIPAA.
  • Threat modeling concepts and Secure SDLC principles.

Required Skills

Security Tools

Hands-on experience with:

  • Burp Suite
  • SonarQube
  • SQLMap
  • SAST, DAST, and SCA tools

Programming

  • Secure coding practices.
  • Scripting proficiency in Python and/or JavaScript.

DevSecOps

  • CI/CD pipeline integration.
  • Experience with DevSecOps tooling.
  • Security test automation to improve assessment coverage and efficiency.

Preferred Candidate Profile

  • Passionate about building secure products and fostering a security-first culture.
  • Comfortable working in a fast-paced SaaS product environment.
  • Ability to balance security requirements with business and engineering priorities.