Application Security Engineer / Secure Code Remediation Engineer

Role: Application Security Engineer / Secure Code Remediation Engineer

• Type : Permanent / Direct Placement

• Salary: INR 23 Lakhs

• Exp: 5 + years

• Number of openings : 3

• Work Mode: Work from Office

• Notice Period: Immediate to 2 Weeks

Job Summary

We are looking for a hands-on Application Security Engineer with strong experience in Java, Spring Boot, and secure coding practices.

The candidate will be responsible for identifying, analyzing, and fixing security vulnerabilities in Java and JavaScript applications. The role involves working closely with development, DevOps, and cloud teams to improve application security and support DevSecOps initiatives.

---

Key Responsibilities



Secure Code Review & Vulnerability Fixing

• Review Java and JavaScript application code for security issues

• Identify and fix application vulnerabilities

• Perform root cause analysis for reported security findings

• Ensure applications follow secure coding standards and OWASP guidelines

Common Vulnerabilities to Handle

• SQL Injection

• Cross-Site Scripting (XSS)

• CSRF

• IDOR

• Authentication & Authorization issues

• Sensitive data exposure

• Insecure deserialization

---

Java & Spring Security

Work on securing applications developed using:

• Java

• Spring Boot

• Spring MVC

• Spring Security

Responsibilities include:

• Fixing insecure configurations

• Securing authentication and session management

• Resolving dependency-related vulnerabilities

• Improving API security

---

Security Tools & Scanning

Use security tools to identify and remediate vulnerabilities:

• Snyk

• Qualys

• SAST / DAST tools

• Dependency scanners

Responsibilities include:

• Analyzing scan reports

• Fixing identified issues

• Re-running scans to validate remediation

---

Third-Party & Open-Source Security

• Identify vulnerabilities in open-source libraries and dependencies

• Upgrade or replace vulnerable packages

• Track CVEs and security advisories

• Ensure secure dependency management

---

Cloud & DevSecOps Security

Support security improvements for applications hosted on:

• AWS

• Azure

• GCP

Responsibilities include:

• IAM policy review

• Secrets management

• API security improvements

• CI/CD security support

• Working with DevOps teams for secure deployments

---

Front-End / JavaScript Security

• Fix vulnerabilities in JavaScript applications and npm packages

• Improve client-side security

• Ensure secure API integrations and data handling

---

Required Skills



Mandatory Technical Skills

• Strong experience in Java

• Hands-on experience with Spring Boot, Spring MVC, and Spring Security

• Good understanding of OWASP Top 10 vulnerabilities

• Experience in secure coding and vulnerability remediation

• Knowledge of DevSecOps concepts

• Experience using security scanning tools like:

• • Snyk

• • Qualys

• • SAST / DAST tools

---

Additional Preferred Skills

• Cloud security knowledge (AWS / Azure / GCP)

• API security understanding

• CI/CD security integration

• Experience with microservices architecture

---

Preferred Certifications

Any of the below certifications will be an added advantage:

• CEH

• CSSLP

• OSCP

• AWS Security Specialty

---

Preferred Candidate Profile

We are looking for candidates with experience in:

• Application Security

• Secure Code Review

• Vulnerability Remediation

• DevSecOps Security

• Java Security Engineering

---

Suitable Job Titles

• Application Security Engineer

• AppSec Engineer

• Secure Code Review Engineer

• Secure Code Remediation Engineer

• DevSecOps Security Engineer

• Java Security Engineer

• Product Security Engineer

---

Work Location

Hyderabad