Associate Principal Engineer - Application Security (Information Security)
Associate Principal Engineer Application Security | Myntra Design Pvt Ltd, Bangalore
The role of the Application Security Analyst is to perform activities related to security and privacy by design in the
application developed by Flipkart and integrate security controls throughout the SDLC life cycle. The engineer is
responsible for establishing, implementing, monitoring, reviewing, and improving a suitable set of controls for the
prevention of threats to the security of Myntra’s applications and information assets, ensuring the business
objectives of the organization.
Responsibilities and Scope:
● The candidate should have 4-6 years of experience in web application and mobile application security
vulnerability assessment and penetration testing.
● Perform Static, Dynamic security testing (SAST and DAST) including penetration testing for thin & thick
● Exploit security flaws and vulnerabilities with attack simulations on multiple applications on the Android
and iOS platforms.
● Develop PoC/exploits for vulnerabilities identified.
● Provide remediation guidance for identified vulnerabilities.
● Manual and automated security testing of Web applications, APIs, and mobile Apps.
● Use automated and manual code review techniques to identify application security vulnerabilities.
● Perform software application reviews for potential security vulnerabilities by conducting application
● Perform requirements review, design review, code review, and perform code review across multiple
● Identify complex vulnerabilities such as business logic flaws and articulate to both technical and
● Document vulnerabilities and work on vulnerability mitigation; analyze application security policies for
effectiveness, make suggestions on security policy improvements, and work to enhance methodology
● Develop and maintain security testing plans and automate penetration and other security testing on the
application, systems, networks, and data layers.
● Develop meaningful metrics to reflect the true posture of the environment allowing the organization to
make decisions based on risk.
● Produce actionable, threat-based reports on security testing results.
● Build and maintain relationships with key stakeholders and business partners.
● The candidate should be a team player with good interpersonal skills and should be able to work
independently with minimum supervision in a complex Infrastructure environment.
● Ability to clearly communicate needs and requirements and influence stakeholders with minimal
● Ability to accurately estimate effort, set and meet deadlines.
● Experience in research and development in red team exercises, threat hunting, OSINT, threat
modelling, and building security tools.
● Good understanding of DevSecOps, security architecture review, and network security assessments.
● Good experience in developing and/or maintaining multi-tier applications and hands-on development
using Java / J2EE or .NET Technologies or any Web.
● Good understanding of any application web servers. Well versed with OWASP standards - Unix / Linux / Debian.
● Hands-on experience with technology and to contribute to the design, development, and support of
projects with the security recommendations.
Nice to Have:
● Good problem-solving, communication, and documentation skills.
● Ability to anticipate needs and provide creative input that ensures the success of the broader team.
● Aptitude for learning software vulnerabilities, exploits, countermeasures, and operational monitoring.
● Proficient in reading modern programming languages with the ability to quickly learn to read and
interpret scripts written by others.