Senior Application Security Specialist

Job in Bengaluru, 560001, Bangalore, Karnataka, India
Listing for: YASH Technologies
Full Time position
Listed on 2026-02-14
Job specializations:
  • IT/Tech
    Cybersecurity
Job Description & How to Apply Below
Location: Bengaluru

Role Overview
The consultant will be responsible for end-to-end application security testing across enterprise applications. This includes Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), API security testing, security testing of AI/ML platforms, and penetration testing. This role requires deep expertise in identifying vulnerabilities, guiding remediation, and ensuring compliance with industry standards such as OWASP Top 10, CWE, CVE, and NIST guidelines.

Key Responsibilities
Static Application Security Testing (SAST)
Perform source code analysis to detect insecure coding practices.
Review applications written in Java, .NET, Python, and JavaScript for vulnerabilities such as SQL injection, XSS, and insecure deserialization.
Integrate SAST tools (e.g., Checkmarx, Fortify, Veracode) into CI/CD pipelines.
Dynamic Application Security Testing (DAST)
Execute runtime testing of applications to identify vulnerabilities in deployed environments.
Use tools like Burp Suite, OWASP ZAP, and HCL AppScan to simulate attacks.
Validate findings against OWASP Top 10 and provide remediation guidance.
API Security Testing
Test REST, SOAP, GraphQL, and gRPC APIs for vulnerabilities such as broken authentication, excessive data exposure, and injection flaws.
Use tools like Postman, SoapUI, and Burp Suite for automated and manual API testing.
Apply OWASP API Security Top 10 principles to secure API endpoints.
Penetration Testing
Conduct manual and automated penetration tests for web, mobile, and cloud applications.
Simulate adversarial attacks to uncover weaknesses beyond automated scans.
Use tools like Metasploit, Nmap, Wireshark to perform advanced exploitation.
Security Testing of AI/ML Platforms
Validate the integrity of training and inference datasets, and ensure encryption and sanitization of sensitive datasets.
Test for data poisoning, malicious samples, and insecure preprocessing scripts.
Assess ML/LLM models for adversarial attacks, model inversion, poisoning, and backdoors.
Apply frameworks like OWASP LLM Top 10 for generative AI risk coverage.
For LLMs, test for prompt injection, jailbreaking, unsafe content generation, and data leakage, and simulate adversarial queries to evaluate the resilience of LLM-based applications.
Conduct API testing for AI/ML inference endpoints (REST, GraphQL, gRPC).
Validate containerized deployments (Docker, Kubernetes) for secure orchestration.
Perform penetration testing on deployed AI services to uncover misconfigurations.
Governance & Compliance
Ensure applications comply with PCI DSS, ISO 27001, GDPR, and industry-specific regulations.
Support audits and provide evidence of secure coding practices.
Collaboration & Advisory
Partner with developers, architects, and product owners to embed security into the SDLC/DevSecOps pipeline.
Provide training and mentoring on secure coding and vulnerability remediation.
Documentation & Reporting
Prepare detailed assessment reports, dashboards, and executive summaries.
Required Technical Knowledge & Competencies
Expertise in SAST, DAST, API security testing, and penetration testing.
Strong programming knowledge (Java, .NET, Python, JavaScript) for code-level analysis.
Familiarity with cloud security testing (AWS, Azure, GCP).
Experience with container security (Docker, Kubernetes).
Excellent communication and stakeholder management skills.
Qualifications
Bachelor’s degree in Computer Science, Information Security, or a related field.
8–10 years of IT experience, with at least 5+ years in application security testing.
Preferred certifications: OSCP, CEH, GWAPT, CISSP.
Position Requirements
10+ years of work experience