
Open Source Technology Application Security Specialist - Vulnerability Management

Kolkata, West Bengal, India

1 month ago

Applicants: 0

Salary Not Disclosed

1 month left to apply

Job Description

Description

Job Title: Open Source Technology Application Security Specialist
Location: Kolkata, Bangalore

Position Overview

We are seeking a highly skilled Application Security Specialist with strong expertise in open-source technologies and modern web development frameworks such as React, Node.js, Python, and Angular. The ideal candidate will have a deep understanding of application-level vulnerabilities, secure coding practices, and penetration testing methodologies.

You will be responsible for identifying, mitigating, and preventing security risks across our front-end and back-end applications, ensuring that robust security controls are embedded throughout the Software Development Lifecycle (SDLC). The successful candidate will collaborate closely with engineering, DevOps, and infrastructure teams to strengthen the overall security posture of applications hosted across cloud and on-premise environments.

You will be responsible for identifying, mitigating, and preventing security risks across our cloud and applications while collaborating closely with development and infrastructure teams. The successful candidate will be responsible for implementing robust security practices throughout the application development lifecycle, conducting vulnerability assessments, and performing penetration testing to safeguard our applications built on diverse technological stacks, including .NET, ASP.NET, IIS, Windows OS etc.

Key Responsibilities

Secure Coding Governance: Establish, enforce, and monitor secure coding standards across all open-source technology stacks (React, Node.js, Python, Angular, etc.) to minimize application security risks.

Vulnerability Management: Identify, analyze, and remediate security vulnerabilities within codebases, APIs, and cloud applications. Focus areas include injection attacks, cross-site scripting (XSS), insecure deserialization, and related OWASP Top 10 issues.

Penetration Testing: Plan and execute penetration tests and dynamic security assessments to uncover application weaknesses and work with development teams to implement corrective measures.

Web Application Firewalls (WAF) And Cloud Security: Configure, tune, and monitor WAFs, API gateways, and cloud-native security tools (AWS/Azure/GCP) to protect open-source applications and services.

Technical Leadership: Provide technical guidance on secure design and implementation for open-source frameworks and tools. Leverage expertise in React, Node.js, Python, Angular, and related libraries to support secure architecture decisions.

Collaboration And Training: Work closely with product engineering, QA, and operations teams to embed security best practices across all stages of development. Conduct developer training and knowledge sessions to strengthen security awareness.

Continuous Improvement: Perform threat modeling and design reviews for new and existing applications. Develop and automate security validation tools and scripts to identify vulnerabilities early in the SDLC. Monitor and respond to application-level security incidents and provide root-cause analysis. Continuously research emerging security threats, tools, and frameworks relevant to open-source ecosystems. Monitor, investigate, and respond to security incidents and intrusion attempts. Stay abreast of the latest security threats, trends, and technologies, and continuously improve security policies, tools, processes, frameworks, and compliance standards. Support and mentor developers on secure design and architecture. Stay abreast of the latest security threats, trends, and technologies, and continuously improve security policies, tools, and processes.

Required Qualifications And Skills

Technical Proficiency: Strong hands-on experience in React, Node.js, Python, Angular, and related open-source technologies. Solid understanding of RESTful APIs, OAuth2/OpenID Connect, JWT, and microservices architectures.

Security Expertise: Comprehensive understanding of application security principles, OWASP Top 10, and secure SDLC methodologies. Experience performing static and dynamic code analysis (SAST/DAST) and API security testing.

Security Tools Experience: Proficient in open-source and commercial security tools such as Burp Suite, OWASP ZAP, SonarQube, Checkmarx, or similar vulnerability scanners.

Analytical Abilities: Strong analytical and problem-solving skills to assess complex application security issues and implement effective mitigation strategies.

Communication: Excellent interpersonal and communication skills with the ability to collaborate effectively with engineering teams and key stakeholders.

Preferred Qualifications

Security certifications such as OSCP, CEH, CSSLP, GIAC GWAPT, or equivalent.
Experience in Agile and DevSecOps environments.
Familiarity with container security (Docker, Kubernetes) and cloud-native security practices (AWS/GCP/Azure).
Experience integrating security automation in CI/CD pipelines.

(ref:hirist.tech)

Additional Information

Company Name: BYLD Group
Industry: N/A
Department: N/A
Role Category: Angular Developer
Job Role: Entry level
Education: No Restriction
Job Types: On-site
Gender: No Restriction
Notice Period: Less Than 30 Days
Year of Experience: 1 - Any Yrs
Job Posted On: 1 month ago
Application Ends: 1 month left to apply
