Application Security Engineer - II

Actively Reviewing the Applications

MediBuddy

India, Karnataka, Bengaluru | Full-Time | On-site
Posted 11 hours ago | Apply by June 11, 2026

Job Description

Job Summary

We are looking for a mid-to-senior level Application Security Engineer to own the security posture of our web, mobile, and AI-driven ecosystems. You are expected to operate with high autonomy, moving beyond simple checklist-based testing to proactive threat modeling and automated defense. You will collaborate with engineering teams to ensure our rapid deployment cycle remains secure by design.

Key Responsibilities:

  • Advanced Application Security & Pentesting
      • Conduct deep-dive manual and automated penetration testing on Web, Mobile (iOS/Android), and API layers.
      • Master the OWASP Top 10 and SANS 25 frameworks to identify and remediate complex logic flaws.
      • Perform manual code reviews for high-risk features in Node.js and Python.
  • Cloud & Infrastructure (AWS Focus)
      • Audit and harden AWS environments, focusing on IAM least-privilege policies and VPC security.
      • Secure serverless architectures (Lambda) and containerized workloads (Kubernetes/Docker).
      • Implement and monitor AWS security services like GuardDuty, Security Hub, and Inspector.
  • Emerging Tech: AI & Low-Code Security
      • AI Agents: Conduct security assessments for LLM-based features, protecting against prompt injection, data leakage, and insecure output handling (OWASP for LLMs).
      • Low-Code/No-Code: Establish governance and security reviews for internal tools (e.g., Retool, Zapier) to prevent unauthorized data exposure.
      • API Integrity: Secure the machine-to-machine communication between our AI agents and core healthcare microservices.
  • DevSecOps & Automation
      • Integrate and manage SAST, DAST, and SCA tools (Snyk, Burp Suite, SonarQube) directly into the CI/CD pipeline.
      • Build custom automation scripts (Python/Go) to detect secrets in code or misconfigured cloud assets in real-time.

Qualifications & Skills

  • Minimum Requirements
      • Experience: 4-5 years in Application Security or Penetration Testing.
      • Education: B.Tech/B.E. in Computer Science or a related technical field.
      • Certifications: OSCP, eWPT, or GWAPT (preferred); CEH (minimum).
      • Tooling: Expertise in Burp Suite Professional, Metasploit, Postman, and Cloud-native security tools.
  • Technical Proficiencies
      • Languages: Ability to read/write Python and Node.js for exploit development and script automation.
      • Standards: Deep knowledge of OAuth2, JWT, TLS/SSL, and Cryptographic standards.
      • Cloud: Hands-on experience with Terraform/IaC security scanning.
  • Soft Skills
      • The "Security Partner" Mindset: Ability to explain complex vulnerabilities to SDEs in a way that encourages remediation rather than friction.
      • Analytical Thinking: The ability to "think like a hacker" while providing "builder-centric" solutions.

MediBuddy Introduction:

MediBuddy is India’s largest on-demand, full-stack digital healthcare platform that helps patients access multiple healthcare services. It gives users 24x7 access to high-quality healthcare at their fingertips. MediBuddy helps its users consult specialist doctors, order medicines and book lab tests from the comfort of their homes. It is also a partner to several leading corporate customers in the country and helps their employees access multiple healthcare benefits. MediBuddy users have access to online doctor consultations, wellness, preventive care services, fitness and hospitalization offered by its pan-India network of healthcare providers with its unparalleled reach.

It also provides its customers hassle-free, end-to-end surgery care through a Care Buddy, right from connecting them to the right surgeon to post-operative recovery care. MediBuddy’s surgery care provides specialized treatment in several departments like Proctology, Ophthalmology, Vascular, ENT, Orthopaedics, Urology, Gynaecology, and more. With full-stack Surgery Care management services, MediBuddy offers customers undergoing surgery an array of solutions for every medical, financing, insurance, and recovery need.

The digital healthcare platform has a partner network of 90,000+ doctors, 7,100+ hospitals and clinics, 4,000+ diagnostic centers, 2,500+ pharmacies along with a team size of 2200+ members. It has created an integrated healthcare ecosystem that offers patients seamless access anytime and anywhere in 10 minutes. With its healthcare services available in 16 Indian languages to enable customer-friendly consultation, MediBuddy is bridging the Urban-Rural quality healthcare divide. MediBuddy offers online and offline doctor consultations, medicine delivery, lab tests at home, mental health consultations, and surgery care, among other healthcare services.