Application Security Engineer - 1

About Us

Exotel is a leading provider of AI transformation solutions for enterprise customer engagement and experience. With over 20 billion annual conversations across omnichannel, voice, agents, and bots, Exotel is trusted by 7,000+ clients worldwide, spanning industries such as BFSI, Logistics, Consumer Durables, E-commerce, Healthcare, and Education. Customer expectations are evolving rapidly, and businesses face the challenge of balancing revenue growth, cost optimisation, and exceptional CX. Exotel steps in as the transformative partner, delivering AI-powered communication solutions that address all three - enabling businesses to engage smarter, faster, and better.

About the Role

As an Application Security Engineer, you will get to work on the security of our apps / services - Web, Mobile and API-based at Scale. Implementing granular security controls at various points of the Secure Software Development Lifecycle.

The Goal is to build Seamless Security. We want you to redefine how developers view security, eliminating friction and improving Security natively.

You will work closely with other Security functions, DevOps, Security Lead and Developers and QA to build highly reliable and secure products.

Responsibilities

Experience in 1 or more of the following areas

API Security

Web Application Security

Mobile Application Security

Penetration Testing experience

Hands on with Python / Shell Scripting for Vulnerability Identification and Remediation

Work with developers on Vulnerability prioritization for SCA(Software Composition Analysis) vulnerabilities based on EPSS,CISA KEV.

Work on Custom SAST, DAST and other Security tools in the lifecycle. Work on findings evaluation, prioritization and fix / mitigate.

Contribute to the Security Champions program training modules.

Work on Security Incidents for Applications / Services across the ecosystem.

Requirements

Overall 1-2 years of relevant experience

Bachelor's degree in Computer Science or a related technical discipline, or equivalent practical experience.

Understanding of security frameworks and standards like OWASP & NIST, Solid understanding of security protocols, cryptography, authentication, authorization. Prior Experience in solving any of OWASP Top 10 highly desirable.

Good understanding of Linux and Windows OS, TCP / IP protocol stack and networking fundamentals, and security principles at all layers of the OSI stack

Experience with API security, network security, cryptography, PKI, certificate management,

Knowledge and experience in web application security testing, vulnerability assessment, penetration testing, and generating reports using tools like Burp Suite, Paros, AppScan, Wireshark, Nmap, and Nessus.

Advanced Expertise in at least one language, Shell scripting / Python / Go / NodeJS

Skills Required

DAST, Wireshark, Nessus, Shell Scripting, Nmap, Penetration Testing, Burp Suite, Web Application Security, SAST, API Security, Appscan, Python, Mobile Application Security