Company hidden
7 days ago

Senior Application Security Engineer

Work format: onsite
Job type: fulltime
Grade: senior
English: b2
Country: India

Job description

TL;DR

Senior Application Security Engineer: Driving the hands-on integration of "Security by Design" across the product suite, ensuring applications are resilient against modern threats, with an emphasis on secure standards, leading complex security projects, and mentoring development teams. Focus on building sustainable solutions that prevent security issues at scale through deep technical expertise in software exploitation and defensive architecture.

Location: On-site in Pune, India

Company

hirify.global is a leading Accounting Transformation Platform using AI-powered software to streamline and modernize daily accounting tasks for over 3,000 accounting teams.

What you will do

  • Contribute to the strategic AppSec roadmap and lead the implementation of the Secure Software Development Lifecycle (SSDLC).
  • Lead deep-dive architectural reviews, threat modeling sessions, and define secure development patterns for engineering teams.
  • Lead the response to critical software vulnerabilities and contribute to managing the Bug Bounty program.
  • Design and implement internal security libraries and oversee the selection, implementation, and tuning of AppSec tooling (SAST, DAST, SCA).
  • Serve as a core security subject matter expert, leading technical initiatives to remediate security debt and mentoring junior security engineers.
  • Apply expert-level knowledge of modern web and API security to harden the application layer against sophisticated attacks.

Requirements

  • 6+ years of experience in software engineering or application security, with significant tenure as a subject matter expert.
  • Strong background as a professional software developer, with the ability to read, write, and debug code in multiple languages (e.g., Python, Go, Java, JavaScript/TypeScript).
  • Proven ability to threat model complex, distributed systems and identify logic flaws.
  • Demonstrated mastery of identifying and mitigating the OWASP Top 10, business logic vulnerabilities, and advanced exploitation vectors.
  • Extensive experience implementing and customizing AppSec tools (e.g., Snyk, Checkmarx, Burp Suite, Semgrep) within enterprise-scale CI/CD environments.
  • Deep technical understanding of identity protocols (SAML, OAuth2, OIDC) and modern authorization models (RBAC, ABAC).

Nice to have

  • Certifications like OSCP, OSWA, OSWE, or Burp Suite Certified Practitioner (BSCP).
  • Strong programming skills in NodeJS, Python, and/or Go.
  • Experience securing applications specifically within AWS environments (Lambda, ECS/EKS, DynamoDB security).
  • Familiarity with mapping technical application controls to compliance frameworks like SOC 2, HIPAA, or PCI-DSS.

Culture & Benefits

  • Committed to operating fair and unbiased recruitment procedures.
  • Equal opportunity employer, welcoming people of different backgrounds, experiences, abilities, and perspectives.
  • Strives to provide a professional and welcoming workplace for all employees.

The job posting text is reproduced without changes.
