No longer accepting applications

Security Engineer III - India

ConfidentialBengaluru / Bangalore, India

22 days ago

Job description

The Application Security Engineer leads efforts to enhance application security and the secure software development lifecycle. This individual is responsible for performing manual application security assessments (application pentests) and communicating security findings to the developers and QA teams. Additionally, the individual will provide application design support and security best practice guidance, in the form of consultations, to various development teams and business stakeholders. This individual will also actively promote security through engaging interactive workshops and exercises, such as internal Capture The Flag (CTF) events.

Principal Accountabilities

Serve as the primary application security expert for development teams, offering security consulting and best practice guidance throughout the Software Development Life Cycle (SDLC).
Perform manual security assessments at key points in the SDLC.
Produce documentation (reports) and present findings of manual security assessments to various stakeholders, including senior leadership.
Participate in security architecture reviews and threat modelling.
Contribute to automation initiatives, including the integration of new security tools and processes (e.g., AI).
Demonstrate a commitment to continuous education and staying current within the application security domain, promoting collaboration and knowledge sharing.

Skills Requirements

5+ years experience with industry standard penetration testing, or ability to demonstrate equivalent knowledge.

Expertise performing blackbox / greybox / whitebox security assessments of applications (e.g., web applications, APIs, thick clients, web sockets) which use HTTP and / or proprietary protocols.

Expert level skills with application security testing tools including : Burpsuite, sqlmap, nmap, etc.

Experience performing manual reviews of application source code for security vulnerabilities written in various languages including : Java, Javascript, .Net (C#), etc.

Experience with Cloud architectures, security principles and services. Google Cloud Platform (GCP) is preferred.

Experience with automating security testing and / or other relevant activities to streamline service delivery. Preferred scripting languages : Python, bash, Powershell, etc.

Experience with UNIX or Linux.

A self-starter who is highly motivated. Proactively seek answers, ask for help when needed, and communicate solutions.

Excellent Oral and Written communications skills. Ability to effectively communicate and interface with peers and stakeholders at all levels, including senior leadership.

Nice To Have

Experience in securing modern APIs, including knowledge of authentication / authorization standards like OAuth 2.0 and JWT, and understanding API-specific vulnerabilities.

Experience in conducting formal threat modeling using frameworks like STRIDE to identify potential security flaws in the design phase.

Experience with AI / ML security testing methodologies, including understanding of OWASP Top 10 for Large Language Models (LLMs) and common AI security vulnerabilities, and using AI to improve pentesting.

Experience with prior development work.

Experience with application reverse engineering and using tools such as : Java decompilers, .Net decompilers, IDAPro, etc.

Experience with Capture The Flag (CTF) competitions and bug bounty programs.

Relevant industry certifications such as OSCP, eWPTX, CCSP, GCP Professional Cloud Security Engineer, etc.

CME Group : Where Futures are Made

CME Group is the world's leading derivatives marketplace. But who we are goes deeper than that. Here, you can impact markets worldwide. Transform industries. And build a career by shaping tomorrow. We invest in your success and you own it – all while working alongside a team of leading experts who inspire you in ways big and small. Problem solvers, difference makers, trailblazers. Those are our people. And we're looking for more.

At CME Group, we embrace our employees' unique experiences and skills to ensure that everyone's perspectives are acknowledged and valued. As an equal-opportunity employer, we consider all potential employees without regard to any protected characteristic.

Important Notice : Recruitment fraud is on the rise, with scammers using misleading promises of job offers and interviews to solicit money and personal information from job seekers. CME Group adheres to established procedures designed to maintain trust, confidence and security throughout our recruitment process. Learn more here.

Skills Required

threat modeling , Scripting Languages, Penetration Testing

Create a job alert for this search

Security Engineer Iii • Bengaluru / Bangalore, India

Related jobs

Promoted

Security Engineer [T500-20670]

Delta Air LinesBengaluru, Karnataka, India

About Delta Tech Hub : Delta Air Lines (NYSE : DAL) is the U.Powered by our employees around the world, Delta has for a decade led the airline industry in operational excellence while maintaining ou...Show moreLast updated: 16 days ago

Promoted

CipherTrust Engineer

Capgeminihosur, tamil nadu, in

We are seeking a skilled and experienced professional in.Encryption, Key Management, and Cryptography.Vormetric Data Security Manager (DSM). Onboard applications, databases, and storage platforms in...Show moreLast updated: 19 days ago

Promoted

Security Engineer - DNS Security (Immediate Joiner)

SHI Solutions India Pvt. Ltd.Bengaluru, Karnataka, India

Role : Security Engineer – DNS Security (Immediate Joiner).The design, deployment, tuning and operationalization of enterprise-grade DNS security using Cisco Umbrella, Infoblox DDI, and related tool...Show moreLast updated: 11 days ago

Promoted

Senior Security Automation Engineer (India) — Python, API Integrations, Databricks

Symosis SecurityBengaluru, IN

Symosis is a fast-growing US cybersecurity and engineering firm building real, high-impact security automation for some of the largest tech companies in the world. We move fast, solve hard problems,...Show moreLast updated: 5 days ago

Promoted

DevSecOps / AppSecOps Staff Engineer

First American (India)hosur, tamil nadu, in

Our people-first culture empowers bold thinkers and passionate technologists to solve real-world challenges through scalable architecture and innovative design. If you're driven by impact, thrive in...Show moreLast updated: 30+ days ago

Promoted

Security Engineer (Firewall)

Insight GlobalBengaluru, Karnataka, India

Title : Tier 2 / 3 Security Engineer.Show moreLast updated: 12 days ago

Promoted

Security Engineer

TalentiserBengaluru, Karnataka, India

We’re Hiring : Traffic Security Engineer | Bengaluru, India.Location : Bengaluru | 💼 Experience : 5+ years | 🕒 Full-time. We’re looking for a highly skilled Traffic Security Engineer to design and im...Show moreLast updated: 19 days ago

Promoted

Senior Product Security Engineer

GrowwGreater Bengaluru Area, India

We are a strong and enthusiastic team focused on making financial services accessible to every Indian through a multi-product platform. Each day, we help millions of customers take charge of their f...Show moreLast updated: 1 day ago

Promoted

Security Engineer

Tata Consultancy ServicesBengaluru, Karnataka, India

Location : Hyderabad, Chennai, Bengaluru.Will be responsible for supporting public key infrastructure systems, both internally and externally. Responsible for issuing, renewing, and deploying certif...Show moreLast updated: 3 days ago

Promoted

Senior Security Engineer

Victoria’s Secret & Co.Bengaluru, Karnataka, India

Position Title : Senior Security Engineer.The ideal candidate will have deep expertise in manual account provisioning, advanced proficiency in SailPoint (including SailPoint IdentityNow / Cloud), and...Show moreLast updated: 8 days ago

Promoted

Cyber Security Engineer

Tata Consultancy ServicesBengaluru, Karnataka, India

We are currently planning to do a Walk-In Interview on 22nd November 2025 at TCS Chennai.Strong understanding of log management and SIEM concepts. Proficiency in log source onboarding, parsing, and ...Show moreLast updated: 30+ days ago

Promoted

Security Engineer III

CME GroupBengaluru, India

Promoted

Security Compliance Engineer

ImageKit.ioBengaluru, IN

As long as you have a stable internet connection, you can work from anywhere in the world.We do meet up if you are in Delhi NCR or on our company trips. Have you ever ordered with Swiggy or BigBaske...Show moreLast updated: 2 days ago

Promoted

SAP Cloud Security Engineer [T500-21515]

ADMBengaluru, Karnataka, India

We are one of the world’s largest nutrition companies and a global leader in human and animal nutrition.We unlock the power of nature to provide nourishing quality of life by transforming crops int...Show moreLast updated: 3 days ago

Promoted

C&S Infrastructure Security Engineer

Tata Consultancy ServicesGreater Bengaluru Area, India

C&S Infrastructure Security Engineer – Windows server OS and Mac OS.Windows OS, Mac Os Developer, server.Windows Server OS and Mac OS environment. Hands-on experience in analyzing, testing and imple...Show moreLast updated: 1 day ago

Promoted

Security Engineer - II

ConfidentialBengaluru / Bangalore, India

Kapiva (Series-C funded) is on a journey of transformation — from being one of India's leading modern Ayurvedic nutrition brands to becoming a health-tech company that leverages technology to drive...Show moreLast updated: 22 days ago

Promoted

OT Security Engineer [T500-21475]

ADMBengaluru, Karnataka, India

Promoted

Senior Security Engineer – Cloud, AI & Application Security

Symosis SecurityBengaluru, IN

Symosis Security is a fast-growing cybersecurity and technology firm helping global organizations strengthen their cloud, application, and AI security posture. We combine deep technical expertise wi...Show moreLast updated: 13 days ago