Senior Application Security Engineer

Role Overview:

The Application Security Senior Engineer plays a crucial role in safeguarding our applications and digital assets against security threats. With a primary focus on Vulnerability Assessment and Penetration Testing (VAPT), this position involves identifying, assessing, and mitigating security vulnerabilities across our application portfolio.

Key Responsibilities:

1. Vulnerability Assessment and Penetration Testing (VAPT):

Conduct comprehensive security assessments of applications using industry-standard tools and techniques, including manual testing and automated scans to identify vulnerabilities such as OWASP Top 10, SQL injection, XSS, CSRF, etc.

Analyze and interpret assessment findings, providing clear and actionable recommendations to development teams, and support the security gating process with timely security assessment and reporting.

Provide guidance and assistance on secure software development life cycle, track identified vulnerabilities through to resolution, collaborating closely with development teams to ensure timely mitigation, and provide detailed vulnerability reports and metrics to stakeholders, including risk assessments and remediation progress.

2. Support for Security Projects:

Actively participate in security projects and initiatives, providing expertise and guidance on application security best practices, perform Security Architecture review for existing and new security projects, and guide on security best practices.

Collaborate with architects and developers to integrate security into the SDLC (Secure Development Life Cycle) and CI/CD pipelines.

3. Incident Response and Support:

Assist in incident response activities related to application security incidents, contribute to root cause analysis and lessons learned sessions to improve incident handling and prevention strategies.

4. Security Awareness and Training:

Develop and deliver training sessions on secure coding practices and application security awareness, promote a culture of security within the organization, advocating for continuous improvement and adherence to security policies.

Requirements:
• Bachelor's degree in Computer Science/Information Technology, or a related field.
• Minimum of 5 years of experience in application security, with a focus on VAPT and secure development practices.
• Proven experience with security assessment tools such as Burp Suite, Qualys, Nessus, etc.
• Strong understanding of web application architecture, including front-end, back-end, and APIs.
• Solid knowledge of OWASP guidelines and best practices for secure coding.
• Certifications such as CISSP, CEH, OSCP, or similar are preferred.
• Excellent communication skills with the ability to articulate technical concepts to non-technical stakeholders.
• Strong analytical and problem-solving skills, with attention to detail.

About Tanla:
• Impactful Work: Play a pivotal role in safeguarding Tanla's assets, data, and reputation in the industry.
• Tremendous Growth Opportunities: Be part of a rapidly growing company in the telecom and CPaaS space, with opportunities for professional development.
• Innovative Environment: Work alongside a world-class team in a challenging and fun environment, where innovation is celebrated.
• Tanla is an equal opportunity employer. We champion diversity and are committed to creating an inclusive environment for all employees.