Senior Application Security Engineer (Urgent)

About NopalCyber

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Through Managed Extended Detection and Response (MXDR), Attack Surface Management (ASM), Breach and Attack Simulation (BAS), and Advisory Services, we fortify our clients’ cybersecurity across both offense and defence.

Our AI-driven Nopal360° platform, NopalGo mobile app, and proprietary Cyber Intelligence Quotient (CIQ) enable organizations to quantify, track, and visualize their cybersecurity posture in real time. We democratize enterprise-grade security operations for organizations of all sizes by lowering the barrier to entry while raising the bar for security and service.

Location : Nopal Cyber, Hyderabad (Work from Office, 5 Days a Week)

Employment Type : Full-time

Key Responsibilities

• Run Static Application Security Testing (SAST) using tools such as SonarQube, Fortify, Checkmarx, Veracode, etc., to identify source-code vulnerabilities across multiple languages and frameworks (Java, .NET, Python, JavaScript, etc.).
• Configure and execute SAST scans, fine-tune rules, manage false positives, and integrate scans into CI / CD pipelines.
• Perform Dynamic Application Security Testing (DAST) (authenticated and unauthenticated) on web apps, APIs, and services; analyse results and validate findings.
• Combine SAST and DAST outputs to provide holistic vulnerability coverage and support secure SDLC initiatives.
• Plan and conduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, APIs, and backend services to identify business logic, configuration, and runtime flaws.
• Map VAPT findings back to code-level issues discovered in SAST to close the loop with development teams.
• Work with developers and DevSecOps engineers to remediate vulnerabilities and embed security testing into build pipelines.
• Use Software Composition Analysis (SCA) tools such as Snyk, White Source, Nexus Lifecycle, Black Duck to identify open-source and third-party risks (vulnerabilities, license issues, outdated components).
• Generate, validate, and manage Software Bills of Materials (SBOMs) in formats like CycloneDX and SPDX to strengthen software supply chain security.
• Monitor transitive dependencies and unverified sources to prevent supply-chain compromise.
• Apply secure coding principles aligned with OWASP Top 10, CWE, and language-specific security pitfalls.

Required Skills & Experience

Educational Qualifications

Personal attributes