Application Security Engineer - Staff

Bengaluru, Karnataka, India | Engineering | Full-time

Job Title: Staff Engineer - Application Security

We are seeking a highly experienced Principal Engineer in Application Security to join our team. The ideal candidate will play a critical role in ensuring our applications are secure and comply with the Indian Data Protection and Privacy (DPDP) laws. This position requires a deep understanding of application security principles, regulatory compliance, and hands-on technical expertise.

Key Responsibilities:

Application Security Management:

  • Design, implement, and maintain robust security measures for our applications.

  • Conduct regular security assessments, penetration testing, and code reviews.

  • Develop and enforce security policies, standards, and best practices.

Compliance and Governance:

  • Ensure all applications comply with Indian DPDP laws and other relevant regulations.

  • Monitor and stay updated with changes in data protection laws and regulations.

  • Collaborate with legal and compliance teams to address regulatory requirements.

Security Architecture and Engineering:

  • Architect and design secure software solutions that adhere to industry standards and regulatory requirements.

  • Implement secure coding practices and provide guidance to development teams.

  • Evaluate and recommend security tools and technologies to enhance application security.

Incident Response and Risk Management:

  • Lead incident response activities related to application security breaches.

  • Perform risk assessments and manage security vulnerabilities.

  • Develop and execute mitigation strategies to address identified risks.

Leadership and Collaboration:

  • Provide technical leadership and mentorship to junior security engineers.

  • Provide domain-specific expertise, overall security leadership and perspective to cross-organization projects, programs, and activities.

  • Collaborate with cross-functional teams including development, IT, and legal to ensure security and compliance.

  • Represent the security team in meetings and discussions with senior management.

Required Qualifications:

  • Education: Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.

  • Experience: At least 10 years of experience in application security, with a focus on compliance with data protection laws such as the Indian DPDP.

  • Technical Skills:

    • Proficiency in secure coding practices, threat modeling, and security architecture.

    • Strong knowledge of security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify, Veracode).

    • Experience with cloud security (AWS, Azure, GCP) and securing containerized environments (Docker, Kubernetes).

    • Familiarity with regulatory requirements and frameworks (ISO 27001, NIST, GDPR).

  • Certifications: Relevant security certifications such as CISSP, CSSLP, CEH, or equivalent are highly desirable.

Preferred Qualifications:

  • Experience in the fintech or healthcare industry, where data protection is critical.

  • Hands-on experience with security automation and DevSecOps practices.

  • Knowledge of emerging technologies such as AI/ML in the context of security.