Job Description
The Application Security Engineer will be responsible for securing LeadSquared’s SaaS products and infrastructure by conducting security assessments, performing code reviews, managing vulnerabilities, and embedding security practices across the development lifecycle. The role sits at the intersection of engineering and security, requiring both hands-on technical depth and the ability to collaborate with cross-functional teams.
Primary Responsibilities:
– Conduct application security assessments across web, API, and mobile platforms.
– Perform secure code reviews to identify and remediate vulnerabilities early in the SDLC.
– Carry out cloud security assessments for SaaS infrastructure and services (AWS/Azure).
– Manage the vulnerability lifecycle end-to-end — from discovery through to resolution and closure.
– Deliver security training and awareness sessions to internal engineering and product teams.
– Develop internal tools and frameworks to support security automation and engineering initiatives.
Additional Responsibilities:
– Integrate security testing into CI/CD pipelines in alignment with DevSecOps practices.
– Support compliance-related assessments and audits (ISO 27001, HIPAA).
– Assist in threat modeling exercises and risk assessments for new product features.
– Contribute to documentation of security standards, guidelines, and best practices.
Requirements / Qualifications:
– B.Tech / B.E. / B.Sc. in Computer Science, Information Security, Cybersecurity, or a related field.
– 1-3 years of experience in product/application security; minimum 1 year of hands-on software development experience.
– Certifications such as CEH, OSCP, CompTIA Security+, or equivalent are preferred (not mandatory).
– Familiarity with OWASP testing methodologies; hands-on training in SAST/DAST/SCA tooling.
Required Knowledge:
– OWASP Top 10, SANS CWE, and common vulnerability frameworks.
– Cryptography, authentication mechanisms, and risk assessment principles.
– Cloud security best practices on AWS and/or Azure.
– Compliance standards: ISO 27001, HIPAA.
– Threat modeling concepts and secure SDLC principles.
Required Competencies:
– Analytical thinking with a security-first mindset.
– Ability to work collaboratively with engineering and product teams.
– Self-driven with the ability to manage multiple assessments simultaneously.
– Strong documentation and communication skills for both technical and non-technical audiences.