Senior Application Security Engineer

TL;DR

Senior Application Security Engineer: Driving the hands-on integration of "Security by Design" across the product suite, ensuring applications are resilient against modern threats with an accent on secure standards, leading complex security projects, and mentoring development teams. Focus on building sustainable solutions that prevent security issues at scale through deep technical expertise in software exploitation and defensive architecture.

Location: On-site in Pune, India

Company

hirify.global is a leading Accounting Transformation Platform using AI-powered software to streamline and modernize daily accounting tasks for over 3,000 accounting teams.

What you will do

• Contribute to the strategic AppSec roadmap and lead the implementation of the Secure Software Development Lifecycle (SSDLC).
• Lead deep-dive architectural reviews, threat modeling sessions, and define secure development patterns for engineering teams.
• Lead the response to critical software vulnerabilities and contribute to managing the Bug Bounty program.
• Design and implement internal security libraries and oversee the selection, implementation, and tuning of AppSec tooling (SAST, DAST, SCA).
• Serve as a core security subject matter expert, leading technical initiatives to remediate security debt and mentoring junior security engineers.
• Apply expert-level knowledge of modern web and API security to harden the application layer against sophisticated attacks.

Requirements

• 6+ years of experience in software engineering or application security, with significant tenure as a subject matter expert.
• Strong background as a professional software developer, with the ability to read, write, and debug code in multiple languages (e.g., Python, Go, Java, JavaScript/TypeScript).
• Proven ability to threat model complex, distributed systems and identify logic flaws.
• Demonstrated mastery of identifying and mitigating the OWASP Top 10, business logic vulnerabilities, and advanced exploitation vectors.
• Extensive experience implementing and customizing AppSec tools (e.g., Snyk, Checkmarx, Burp Suite, Semgrep) within enterprise-scale CI/CD environments.
• Deep technical understanding of identity protocols (SAML, OAuth2, OIDC) and modern authorization models (RBAC, ABAC).

Nice to have

• Certifications like OSCP, OSWA, OSWE, or Burp Suite Certified Practitioner (BSCP).
• Strong programming skills in NodeJS, Python, and/or Go.
• Experience securing applications specifically within AWS environments (Lambda, ECS/EKS, DynamoDB security).
• Familiarity with mapping technical application controls to compliance frameworks like SOC 2, HIPAA, or PCI-DSS.

Culture & Benefits

• Committed to operating fair and unbiased recruitment procedures.
• Equal opportunity employer, welcoming people of different backgrounds, experiences, abilities, and perspectives.
• Strives to provide a professional and welcoming workplace for all employees.