App Security Engineer
moneyview
Bengaluru, Karnataka, India
Experience: 3 to 5 Years
Location: Bangalore
Commitment: Full-Time
Level: L2
Required Qualifications (Must-Haves):
● Experience:
Graduate with 3+ years of hands-on experience in Application Security, Product Security, or a similar software security role.
● Technical Acumen:
○ Strong ability to read, review, and reason about code in one or more modern programming languages used in our stack (e.g., Python, Go, Java, JavaScript/TypeScript).
○ Deep understanding of common web, API and mobile application vulnerabilities (OWASP Top 10) and their mitigation.
○ Hands-on experience with security tools like Burp Suite, Semgrep, Frida, Jadx, Ghidra or similar SAST/DAST/SCA solutions.
○ Familiarity with cloud environments (AWS, GCP, or Azure) and their security principles.
○ Knowledge of modern authentication and authorization protocols like JWT, OAuth, SAML and OpenID Connect.
○ Familiarity with fundamental cryptographic principles.
○ Exposure to AI/ML security risks, including testing AI agents, chatbots, and LLM-based applications (e.g., prompt injection, output handling, model abuse).
● Communication:
Excellent written and verbal communication skills, with the ability to explain complex security concepts to both technical and non-technical audiences.
● Problem-Solving:
Strong analytical and problem-solving skills with a pragmatic, risk-based approach to security.
Preferred Qualifications (Nice-to-Haves):
● Experience building security automation and integrating tools into CI/CD pipelines.
● Familiarity with LLM security topics such as OWASP Top 10 for LLMs, agent security, RAG pipeline attacks, and jailbreak research.
● Proven experience running or contributing to a bug bounty program.
● Relevant security certifications are a plus (OSCP, OSWE, eWPT, eWPTX, GWAPT, etc.).
● Track record of contributions to the security community (e.g., blogs, talks, open-source
