Website:
netshieldtech.com
Job details:
Company Description
NetShield Technologies Private Ltd specializes in providing comprehensive end-to-end cybersecurity services. We are dedicated to helping organizations secure their digital assets by addressing complex security challenges. Our mission is to ensure robust defenses for our clients through innovative solutions and expert knowledge. NetShield Technologies operates as a trusted partner in safeguarding systems and data in an ever-evolving threat landscape.
Role Description
This is a full-time on-site role for an Application Security Engineer, based in Hyderabad. The Application Security Engineer will be responsible for identifying and resolving application vulnerabilities, performing security assessments, creating secure development practices, implementing secure coding standards, and collaborating with development teams to integrate security throughout the software development lifecycle. This role will involve constant adaptation to the latest security trends and potential threat vectors to ensure robust application security.
Key Responsibilities
• Identify, assess, and remediate application-level vulnerabilities across web, API, and mobile surfaces
• Conduct threat modeling sessions and security architecture reviews during the design phase of the SDLC
• Perform and oversee SAST and DAST assessments and triage findings with development teams
• Define and enforce secure coding standards, guidelines, and developer security training programs
• Integrate security testing tools into CI/CD pipelines for continuous security validation
• Review cloud infrastructure security posture across AWS, Azure, and GCP environments
• Maintain awareness of emerging vulnerabilities, CVEs, and threat actor TTPs relevant to application security
• Collaborate with compliance teams on HIPAA, ISO 27001, NIST, and PCI DSS requirements
Tech Stack
- Languages — Go, Rust, Java, Python, C++
- API Gateways — Kong, Apigee, AWS API Gateway, Nginx, Envoy
- API Security Technologies — OAuth2, JWT validation, mTLS, HMAC
- API Frameworks — Spring Boot, Express/Nest.JS, FastAPI, Django, ASP.NET, Fiber
- Monitoring — Prometheus, Grafana, ELK Stack
- Cloud Security — AWS Security Tools, Azure Security Center, GCP Security Command Center
- Testing Tools - Burp Suite, OWASP ZAP, Postman (Good to have)
- DevOps/Infrastructure — Docker, Kubernetes, CI/CD
- Databases — PostgreSQL, MySQL, MongoDB, Redis
Qualifications
• 8+ years of experience in API security, application security, or related fields
• Deep knowledge of API authentication and authorization standards (OAuth2, JWT, mTLS, HMAC)
• Hands-on experience with API gateways — configuration, policy enforcement, and traffic inspection
• Strong understanding of OWASP API Security Top 10 (distinct from the standard OWASP Top 10)
• Experience with API testing tools such as Burp Suite, OWASP ZAP, or Postman
• Ability to review OpenAPI/Swagger specifications for security weaknesses
• Familiarity with cloud API security services and monitoring tools