Security Engineer – Source code Review, VAPT

Job Locations
IN-MH-Mumbai
Job area
IT & Digital
Employment type
Permanent
Industry
Banking & Financial Services
Workplace
On-Site
ID
2026-50161

Overview

  • JOB TITLE: Security Engineer – Application Security, VAPT & GRC
  • JOB SUMMARY: We are seeking a skilled and motivated Security Engineer with 1–3 years of experience in Application Security, VAPT (Web & Mobile), and GRC & Audit. The candidate should have strong hands-on expertise in SAST, Web and Mobile VAPT, along with sound knowledge of CERT-In guidelines and the Digital Personal Data Protection (DPDP) Act. The role requires working closely with development, IT, DevOps, and compliance teams to strengthen the organization’s overall security posture.

Responsibilities

  • KEY RESPONSIBILITIES:
    • APPLICATION SECURITY & SAST:
      • Perform Static Application Security Testing (SAST) on web and mobile application source code
      • Identify and analyze vulnerabilities such as OWASP Top 10, CWE, and secure coding flaws
      • Triage and validate SAST findings and eliminate false positives
      • Work closely with developers to explain vulnerabilities and recommend remediation
      • Integrate security testing tools into CI/CD pipelines.
      • Conduct Web Application Vulnerability Assessment and Penetration Testing
      • Identify vulnerabilities including SQL Injection, XSS, CSRF, SSRF, authentication and authorization issues
      • Perform both automated and manual penetration testing
      • Validate vulnerabilities and assess business risk
      • Prepare detailed VAPT reports with proof of concept and remediation steps
      • Perform re-testing after fixes.
      • Conduct Mobile Application VAPT for Android and iOS applications
      • Perform static and dynamic analysis of mobile applications
      • Identify issues such as insecure storage, improper platform usage, insecure communication, and weak cryptography
      • Use reverse engineering and runtime analysis techniques when required
      • Prepare detailed VAPT security assessment reports
    • GRC, AUDIT & COMPLIANCE:
      • Support Governance, Risk, and Compliance (GRC) activities
      • Ensure compliance with CERT-In directives, incident reporting, and log retention requirements
      • Implement and monitor controls as per the DPDP Act (Digital Personal Data Protection Act)
      • Assist in internal and external security audits
      • Perform risk assessments, gap analysis, and compliance tracking
      • Maintain security policies, procedures, SOPs, and audit documentation
      • Support ISO 27001, SOC 2, and other regulatory or customer audits
    • PREFERRED CERTIFICATIONS:
      • CEH (Certified Ethical Hacker)
      • OSCP / GWAPT / eMAPT / GMOB (any VAPT-related certification)
      • CSSLP (for application security)
    • ADDITIONAL REQUIREMENTS:
      • Ability to work independently and in a team environment
      • Strong attention to detail and security mindset
      • Willingness to learn and adapt to new security threats and regulations
    • REQUIRED SKILLS & KNOWLEDGE:
      • Strong understanding of application security and secure SDLC
      • In-depth knowledge of OWASP Top 10 (Web & Mobile)
      • Hands-on experience with SAST, Web VAPT, and Mobile VAPT tools
      • Knowledge of CERT-In guidelines and Indian cyber security regulations
      • Strong understanding of DPDP Act, data privacy, and data protection principles
      • Familiarity with ISO 27001, risk management, and audit processes
      • Good documentation and reporting skills
      • Strong analytical and communication skills

    • TOOLS & TECHNOLOGIES:
      • SAST Tools: Checkmarx, Fortify, Veracode, SonarQube (or similar)
      • Web VAPT Tools: Burp Suite, OWASP ZAP, Nikto, Acunetix
      • Mobile Security Tools: MobSF, Drozer, Frida, Burp Suite
      • Security Tools: SIEM (Splunk/ELK), WAF, EDR
      • CI/CD and DevSecOps tools (preferred)

Qualifications

  • EDUCATIONAL QUALIFICATIONS:
    • Bachelor’s degree in Computer Science, Information Technology, Cyber Security, or related field

Essential skills

  • TOOLS & TECHNOLOGIES:
    • SAST Tools: Checkmarx, Fortify, Veracode, SonarQube (or similar)
    • Web VAPT Tools: Burp Suite, OWASP ZAP, Nikto, Acunetix
    • Mobile Security Tools: MobSF, Drozer, Frida, Burp Suite
    • Security Tools: SIEM (Splunk/ELK), WAF, EDR
    • CI/CD and DevSecOps tools (preferred)

Experience

  • EXPERIENCE: 1–3 Years
  • EMPLOYMENT TYPE: Full-time
  • LOCATION: As per business requirement
