AppSec Specialist - VAPT & Secure Code Review - Leading Fintech - Mumbai

Job Description

Role Summary: We are looking for an experienced and technically skilled Application Security Engineer to strengthen our cybersecurity posture. The ideal candidate should possess a solid understanding of application-level vulnerabilities, secure code practices, and vulnerability management tools. You will be responsible for conducting in-depth assessments, secure code reviews, and supporting development teams to remediate findings in alignment with security standards. Key Responsibilities: Safeguard the Confidentiality, Integrity, and Availability of the organization's application ecosystem. Perform Vulnerability Assessment and Penetration Testing (VAPT) for Web, Mobile, and API components using both open-source and commercial tools. Conduct secure code reviews to identify critical flaws and provide remediation guidance to development teams. Lead manual penetration testing and demonstrate proof-of-concept exploits. Guide developers and QA teams in interpreting security findings and applying fixes aligned with secure SDLC practices. Collaborate with DevOps teams to integrate security into CI/CD pipelines. Maintain compliance with PCI DSS and other regulatory/security standards. Drive continuous improvements in security test plans, test cases, and internal security frameworks. Technical Skills Required: 3+ years of hands-on experience in Application Security. Proficient in VAPT (Static & Dynamic Analysis) for Web, API, and Mobile applications. Strong experience with secure code review tools like Fortify, Coverity, Checkmarx. Familiarity with DevSecOps and CI/CD pipeline security integration. Hands-on with tools like Burp Suite, Nessus, Postman, SoapUI, Metasploit. Understanding of WAFs, API gateways, and secure protocol practices. Development/scripting knowledge in Java, JavaScript, AngularJS, or Python. Experience using JIRA for issue tracking and defect logging. Certifications Preferred: OSCP, OSWE, CEH, GWEB or similar security certifications. Soft Skills: Strong communication and documentation skills. Ability to work independently and collaboratively. Must be proactive, with an ownership mindset and attention to detail. Location: Andheri (W), Mumbai, Maharashtra Kindly note: Candidates currently based in Mumbai should apply. Prior experience in the Fintech or BFSI industry will be strongly preferred.