Job Summary: The Application Security Engineer will play a critical role in safeguarding web, mobile, and backend systems from vulnerabilities and malicious activity. This role involves deep technical testing, fraud detection, and integration with development teams to build secure-by-design solutions. It combines security expertise with hands-on experience in modern technologies, including wireless protocols, APIs, automation, and threat detection tools.
Job Responsibilities:
- Perform application security testing on front-end web and mobile apps.
- Collaborate with GraphQL and backend teams to secure APIs and data flow.
- Analyze wireless domain components like eSIMs for telecom-specific vulnerabilities.
- Investigate fraud risks in business logic through detailed scenario testing.
- Conduct adversarial testing with a hacker's mindset to simulate abuse cases.
- Simulate social engineering breaches to test internal defenses.
- Monitor and analyze data traffic to identify potential security gaps.
- Create, document, and maintain security policies, procedures, and training materials.
- Implement industry best practices for secure software development.
- Conduct gap analysis to ensure alignment with standards and compliance requirements.
- Continuously evaluate and enhance security posture in response to emerging threats.
- Automate security checks using BDD frameworks and CI/CD pipelines.
Required Skills:
Hands-on experience with:
- App Security Testing: OWASP ZAP, Burp Suite, MobSF, Appium, Selenium, Charles Proxy
- API Security: GraphQL, JWT, OAuth 2.0, API Gateway, Kong
- Wireless/Telecom: eUICC, GSMA, Wireshark, QXDM, QCAT
- Fraud Detection: Splunk, Kibana, ELK Stack, Python, SQL
- Adversarial Testing: Kali Linux, Metasploit, Threat Modeling Tools
- Social Engineering Simulation: SET, Gophish, OSINT tools
- Monitoring/Data Flow: Wireshark, tcpdump, Fiddler
- Security Standards: NIST, ISO 27001, CIS Benchmarks
- Best Practices: OWASP ASVS, Jenkins, GitHub Actions, Snyk, SonarQube
- Gap Analysis: Nessus, OpenVAS, Qualys, RSA Archer
- Automation & BDD: Karate, Cucumber, Cypress, GitLab CI/CD
Preferred Skills:
- Experience in fraud management tools (e.g., Actimize, SAS)
- Familiarity with DevSecOps pipelines and secure SDLC frameworks
- Exposure to CVE analysis and threat intelligence platforms (e.g., Recorded Future, MISP)
Certifications: Security certifications such as OSCP, CEH, GWAPT, or CISSP (preferred but not mandatory)
Education: Bachelor's degree in Computer Science, Cybersecurity, or a related field