Software Engineering

Application Security Engineer_GTP

Chennai, Tamil Nadu
Work Type: Full Time
Job Title - Application Security Engineer

About Tazapay
Tazapay is a cross-border payment service provider. It offers local collections via local payment methods, virtual accounts and cards in over 70 markets. The merchant does not need to create local entities anywhere, and Tazapay provides the additional compliance framework to take care of local regulations and requirements. This results in lower transaction costs, FX transparency and higher authorization rates.
Tazapay is licensed and backed by leading investors. www.tazapay.com

What's exciting and waiting for you?
This is an amazing opportunity to join a fantastic crew before the rocket ship launches. It will be a story you carry with you through your life: the unique experience of building something from the ground up, and the satisfaction of seeing your product used and paid for by thousands of customers. You will be part of a growth story in securing critical financial applications that handle cross-border payments.
We believe in a culture of openness, innovation & great memories together.

About the Application Security Engineer Role
As an Application Security Engineer, you will be responsible for ensuring the security of our payment applications throughout their entire development lifecycle. You will work closely with development teams to identify, assess, and remediate security vulnerabilities in web applications, mobile apps, and APIs that process sensitive financial data across 70+ markets.

Key Responsibilities

Application Security Assessment & Testing
  • Conduct comprehensive security assessments of microservices-based applications built with GoLang, Java, or Scala
  • Perform security reviews of Vue.js and ReactJS frontend applications and their interaction with backend services
  • Execute manual and automated web application penetration testing using industry-standard methodologies (OWASP Testing Guide, PTES)
  • Conduct vulnerability scoring and risk assessment using the CVSS framework and custom business impact metrics
  • Utilize govulncheck for Go-specific vulnerability detection and dependency analysis in GoLang microservices
  • Deploy Semgrep/OpenGrep for static code analysis across multiple programming languages and frameworks
  • Integrate Gitleaks for automated secret detection and credential scanning in source code repositories
  • Execute static application security testing (SAST) and dynamic application security testing (DAST) across the entire stack
  • Conduct penetration testing and vulnerability assessments on payment processing applications and microservices
  • Perform web application penetration testing covering authentication bypass, authorization flaws, injection attacks, and business logic vulnerabilities
  • Review and analyze code for security vulnerabilities, with a focus on microservices communication patterns and frontend security
  • Assess API gateways, service meshes, and inter-service authentication mechanisms
  • Implement and maintain automated security testing tools in CI/CD pipelines for both frontend and backend components
Secure Development Lifecycle (SDLC)
  • Integrate security practices into the software development lifecycle
  • Collaborate with development teams to implement secure coding practices
  • Conduct security architecture reviews and threat modeling sessions
  • Provide security requirements and guidelines for new application features
  • Establish and maintain application security standards and best practices
Vulnerability Management
  • Identify, prioritize, and track application security vulnerabilities across multiple technologies
  • Implement comprehensive vulnerability scoring using CVSS v3.1, OWASP Risk Rating, and custom business impact assessments
  • Develop risk scoring matrices that incorporate technical severity, business impact, and exploitability factors
  • Utilize govulncheck for proactive Go vulnerability management and dependency tracking
  • Deploy Gitleaks for continuous secret detection and credential exposure prevention
  • Implement Semgrep/OpenGrep for custom vulnerability pattern detection and policy violations
  • Create detailed penetration testing reports with executive summaries, technical findings, and remediation roadmaps
  • Establish vulnerability SLA metrics and track remediation timelines based on risk scores
  • Work with development teams to remediate identified security issues
  • Maintain vulnerability management processes and ensure timely resolution
  • Perform risk assessments and provide recommendations for vulnerability mitigation
  • Monitor and respond to emerging application security threats
  • Create and maintain security metrics and KPIs for vulnerability remediation
Security Tools & Automation
  • Implement and manage application security scanning tools (SAST, DAST, IAST)
  • Deploy govulncheck for continuous Go vulnerability monitoring in GoLang microservices
  • Integrate Gitleaks for automated secret scanning across development workflows and CI/CD pipelines
  • Configure Semgrep/OpenGrep rules for custom security pattern detection and policy enforcement
  • Develop and maintain security automation scripts and tools
  • Integrate security tools into development workflows and CI/CD pipelines
  • Evaluate and recommend new application security technologies and solutions
  • Create custom security rules and policies for language-specific vulnerabilities
  • Automate security testing for containerized applications and microservices
Compliance & Documentation
  • Ensure applications comply with financial industry regulations (PCI DSS, PSD2, etc.)
  • Maintain security documentation, procedures, and incident response plans
  • Support compliance audits and security assessments
  • Create and deliver application security training for development teams
Required Qualifications
Experience
  • 4+ years of experience in application security, with focus on web and mobile applications
  • Strong experience securing microservices architectures, particularly those built with GoLang, Java, or Scala
  • Hands-on experience with frontend security for modern JavaScript frameworks (Vue.js, ReactJS)
  • Extensive experience in web application penetration testing including OWASP Top 10, business logic flaws, and authentication/authorization bypasses
  • Proven expertise in vulnerability scoring and risk assessment using CVSS, OWASP Risk Rating, and custom scoring methodologies
  • Proven experience with security automation tools: govulncheck (Go vulnerability scanning), Gitleaks (secret detection), Semgrep/OpenGrep (static analysis)
  • Experience with application security testing tools (Burp Suite, OWASP ZAP, Veracode, Checkmarx, etc.)
  • Hands-on experience with penetration testing and vulnerability assessment
  • Experience with secure code review and static/dynamic analysis tools
  • Knowledge of common web application vulnerabilities (OWASP Top 10) and microservices-specific security challenges
Technical Skills
  • Proficiency in backend programming languages with strong focus on GoLang, Java, or Scala for microservices architecture
  • Experience with frontend frameworks, particularly Vue.js and ReactJS for modern web applications
  • Advanced proficiency with security tools: govulncheck (Go-specific vulnerability detection), Gitleaks (credential scanning), Semgrep/OpenGrep (multi-language static analysis)
  • Expert-level web application penetration testing skills using tools like Burp Suite Professional, OWASP ZAP, Nuclei, and custom exploitation frameworks
  • Comprehensive knowledge of vulnerability scoring frameworks including CVSS v3.1, OWASP Risk Rating Methodology, and FAIR (Factor Analysis of Information Risk)
  • Experience with automated penetration testing tools and frameworks for continuous security validation
  • Strong understanding of microservices security patterns and inter-service communication
  • Experience with API security testing and assessment (REST, GraphQL, gRPC)
  • Knowledge of mobile application security (iOS/Android)
  • Familiarity with cloud security (AWS, Azure, GCP)
  • Understanding of database security and secure data handling
  • Experience with containerized applications and orchestration platforms
Security Knowledge
  • Deep understanding of application security principles and best practices
  • Expert knowledge of web application penetration testing methodologies (OWASP Testing Guide, PTES, NIST SP 800-115)
  • Advanced understanding of vulnerability scoring and risk quantification using industry-standard frameworks
  • Knowledge of security frameworks and standards (OWASP, NIST, ISO 27001)
  • Experience with threat modeling and risk assessment methodologies
  • Understanding of cryptography and secure communication protocols
  • Knowledge of authentication and authorization mechanisms
  • Expertise in manual testing techniques for complex business logic vulnerabilities
  • Experience with penetration testing reporting and executive communication of security risks
Nice to Have
Certifications
  • Relevant security certifications (CISSP, CEH, CSSLP, GWEB, OSCP)
  • Cloud security certifications (AWS Security, Azure Security)
Additional Skills
  • Experience with DevSecOps practices and tools
  • Advanced proficiency in securing distributed microservices ecosystems
  • Experience with modern frontend build tools and security (Webpack, Vite, npm/yarn security)
  • Expertise in Go ecosystem security including govulncheck integration and dependency management
  • Advanced configuration and customization of Semgrep/OpenGrep rules for organization-specific security policies
  • Experience with Gitleaks integration across multiple Git workflows and CI/CD platforms
  • Advanced web application penetration testing including thick client applications and complex multi-tier architectures
  • Experience with custom exploit development and proof-of-concept creation for business logic vulnerabilities
  • Expertise in creating comprehensive risk scoring models that align technical findings with business impact
  • Knowledge of container security (Docker, Kubernetes)
  • Experience with financial services and payment processing security
  • Familiarity with regulatory compliance (PCI DSS, GDPR, PSD2)
  • Experience with bug bounty programs and responsible disclosure
  • Knowledge of machine learning/AI security
  • Experience with service mesh security (Istio, Linkerd) and API gateway security
Key Abilities and Traits
Technical Excellence: Demonstrated ability to identify and remediate complex application security vulnerabilities across diverse technology stacks.
Collaboration: Strong ability to work effectively with development teams, translating security requirements into actionable development practices.
Communication: Excellent verbal and written communication skills, capable of explaining security concepts to both technical and business stakeholders.
Problem-Solving: Strong analytical and problem-solving skills with the ability to think like both a defender and an attacker.
Continuous Learning: Commitment to staying current with emerging application security threats, tools, and best practices.
Detail-Oriented: Meticulous attention to detail when reviewing code and assessing application security.
Project Management: Ability to manage multiple security assessments and projects simultaneously while meeting deadlines.
