Associate Principal Engineer - Information Security (Application security)


Security Analyst JD for SA II:

The role of the Application Security Analyst is to perform activities related to security and privacy by design in the applications developed by Flipkart and to integrate security controls throughout the SDLC. The job holder is responsible for establishing, implementing, monitoring, reviewing and improving a suitable set of controls for the prevention of threats to the security of our applications and information assets, in support of the business objectives of the organization.


Essential Duties and Responsibilities -

  • The candidate should have 6 to 8 years of experience in web application and mobile application security vulnerability assessment and penetration testing.  
  • Conduct penetration testing for thin- and thick-client applications.
  • Exploit security flaws and vulnerabilities with attack simulations on multiple applications on Android and iOS platforms.
  • Develop PoC/exploits for vulnerabilities identified.
  • Provide remediation guidance for identified vulnerabilities.
  • Solve complex vulnerabilities such as business logic flaws and articulate them to both technical and non-technical partners.
  • Responsible for the technical execution and the quality of the deliverables for the engagements
  • Analyze application security policies for effectiveness, make suggestions on security policy improvements, and work to enhance methodology material.
  • Develop and maintain security testing plans
  • Automate penetration and other security testing on networks, systems and applications
  • Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make decisions based on risk
  • Produce actionable, threat-based reports on security testing results
  • Build and maintain relationships with key stakeholders and business partners


Job Requirements 


  • The candidate should be a team player with good interpersonal skills and should be able to work independently with minimum supervision in a complex infrastructure environment.
  • Ability to clearly communicate needs and statuses
  • Ability to influence others without direct managerial authority
  • Ability to accurately estimate effort, set and meet deadlines
  • Development experience in one or more of the following technologies: Python, Node/JavaScript, Java, GoLang, PHP
  • Experience in research and development in the security field. 
  • Experience with Red team exercises, threat hunting, OSINT.
  • Experience in Threat Modelling.
  • Experience in building security tools.
  • Good communication and presentation skills. 
  • Understanding of network security assessments.
  • Understanding of DevSecOps integrations.
  • Understanding of security architecture review.
  • Understanding of newer technologies such as IoT, Cloud, AI, Blockchain and associated security challenges.