Application Security Engineer I/II
Description For Application Security Engineer I/II
Zeta is a Next-Gen Banking Tech company founded in 2015 by Bhavin Turakhia and Ramki Gaddipati. Our flagship platform, Zeta Tachyon, is a modern, cloud-native, API-enabled stack for banking services. We've issued 20M+ cards globally and work with major banks and fintechs.
As an Application Security Engineer I/II, you'll be part of the Risk & Compliance Team in the Engineering division. Your role involves securing all mobile & web applications and APIs by identifying vulnerabilities and educating developers and DevOps teams on fixes. Key responsibilities include:
- Performing regular VA/PT for Web & Mobile applications, API & Infrastructure
- Guiding developers in fixing security issues
- Conducting regular code reviews
- Participating in application design discussions
- Performing Threat Modelling of Web/Mobile applications
- Developing secure code practices and educating dev and QA engineers
- Evaluating & Integrating security testing tools into CI/CD pipelines
You'll need 2+ years of experience in developing large-scale internet or SaaS applications, and 2-3 years as a Web/Mobile Application Security engineer or Developer. A Bachelor's or Master's degree in Computer Science or equivalent from a Tier-1 engineering college/university is required.
Zeta offers a dynamic work environment in a rapidly growing company with a $1.5 billion valuation. Join us in shaping the future of banking technology!
Responsibilities For Application Security Engineer I/II
- Guide technology organization's security and privacy initiatives
- Participate in design reviews and threat modeling
- Ensure applications are secured and hardened
- Define scope and ensure adherence to project phases
- Create visibility and adoption of projects for internal customers
- Act as a security engineering expert and technical champion
- Assess gaps and tools to improve application security
- Liaise with external and internal stakeholders
- Mentor developers and QA
- Evaluate bugs reported through Bug Bounty program
- Run security posture of various applications across BUs
- Continuously improve web/mobile application security
- Conduct quarterly VA/PT for mobile/web applications
- Ensure secure configuration of Web/Mobile applications, DB, and Data
Requirements For Application Security Engineer I/II
- 2+ years of experience in developing large scale internet or SaaS applications
- 2 to 3 years of overall experience as Web/Mobile Application Security engineer or Developer
- Bachelor's or Master's degree in Computer Science or equivalent from a Tier-1 engineering college/university
- Hands-on VA/PT experience in Web, Mobile, API & Network
- Thorough understanding of OWASP Top 10, their attack & defence mechanisms
- Experience with security tools like Burpsuite, AppScan, OWASP ZAP, BEEF, MetaSploit, Qualys, Nessus, Synk
- Understanding of Cryptography, PKI-based systems, TLS
- Knowledge of AuthN/AuthZ frameworks (OIDC, oAuth, SAML)
- Experience with Static Analysis and Code reviews using tools like Snyk, Veracode, Checkmarx, Sonarqube
- Hands-on experience with mobile application reversing and dynamic instrumentation tools
- Shell scripting or automation skills using Python or Ruby
- Knowledge of security standards like PCI DSS, UIDAI, GDPR, NIST
- Understanding of Java Frameworks like Springboot, CI/CD, Jenkins
- Experience with cloud infrastructure (AWS/Azure)
- Certifications like OSCP (Preferred), GWAPT, AWAE, Comptia Security+
Jobs Related To Zeta Application Security Engineer I/II
