Lead Application Security Engineer

InMobi

1 day ago

Bengaluru, India

Mid Level / Senior / Staff+

H1B Sponsor

Responsibilities

Perform application security testing across various platforms including Web, API, Mobile, and Cloud services.
Validate and triage security findings through exploit verification and risk-based severity assessment.
Own and operate CI/CD security controls, including SAST, DAST, SCA, and secrets scanning.
Build and maintain security gates with a focus on automation and developer usability.
Conduct manual security code reviews for APIs and services in Java, Python, and Node.js.
Review application designs for security best practices.
Automate security workflows to standardize testing and reduce manual effort.
Partner with engineering teams to drive timely remediation of vulnerabilities.
Apply AI Secure SDLC practices for LLM-based features.
Assess and mitigate OWASP LLM Top 10 risks.
Implement practical AI guardrails and perform AI red teaming.

Minimum 6 years of experience in Application Security, Penetration Testing, or Security Engineering.
Proven hands-on ability with SAST/DAST/SCA and vulnerability triage workflows.
2-3 years’ experience building and managing security gating in Checkmarx or equivalent.
2-3 years’ experience performing manual security code reviews in common languages.
Familiarity with OAuth2, OIDC, JWT, and API gateways.
Strong knowledge of OWASP Top 10 Mobile and LLM.
Experience with common testing tools like Burp Suite and OWASP ZAP.
Scripting/automation skills using Python and familiarity with Bash/PowerShell.
Working knowledge of Docker/Kubernetes and cloud-native patterns.
Solid communication skills for writing findings and influencing engineering decisions.

DockeriOSJavaKubernetesNode.jsPython