Product Security Engineer (App Security)

Roles & Responsibilities(What will you do):

• Perform penetration testing of web applications, APIs, and mobile apps, providing in-depth vulnerability analysis and remediation guidance.
• Conduct manual and automated secure code reviews, primarily in Java, Python, and JavaScript.
• Develop security automation solutions using Python to streamline testing, improve coverage, and reduce manual effort.
• Work closely with development teams to ensure timely resolution of security issues within fast-paced release cycles.
• Create and maintain threat models, applying threat modeling techniques to proactively identify and mitigate design-level security risks.
• Foster a security-first mindset by educating developers on secure coding practices, common vulnerabilities, and attack vectors while effectively communicating security findings to stakeholders.

What Makes You a Great Fit

• 1-5 years of experience in application security, penetration testing, or related fields.
• Strong penetration testing expertise with tools like Burp Suite, OWASP ZAP, semgrep, MobSF, Jadx-GUI and other mobile security testing frameworks.
• Experience integrating security into SDLC and familiarity with DevSecOps tools.
• Proficiency in secure coding principles, OWASP Top 10, CWE, and exploit techniques.
• Strong scripting skills (Python preferred) for security automation.
• Excellent communication and stakeholder management abilities.
• Passion for continuous learning and staying updated on security trends.
• Certifications like OSCP, OSWE, CRTP, or a proven Bug Bounty track record and/or CTF partipation are a plus