Exotel is a leading provider of AI transformation solutions for enterprise customer engagement and experience. With over 20 billion annual conversations across omnichannel, voice, agents, and bots, Exotel is trusted by 7,000+ clients worldwide, spanning industries such as BFSI, Logistics, Consumer Durables, E-commerce, Healthcare, and Education. Customer expectations are evolving rapidly, and businesses face the challenge of balancing revenue growth, cost optimisation, and exceptional CX. Exotel steps in as the transformative partner, delivering AI-powered communication solutions that address all three -- enabling businesses to engage smarter, faster, and better.
About the Role
------------------
As our Application Security Engineer, you will work on the security of our apps and services (Web, Mobile and API-based) at scale, implementing granular security controls at various points of the Secure Software Development Lifecycle.
The goal is to build seamless security. We want you to redefine how developers view security, eliminating friction and improving security natively.
You will work closely with other Security functions, Infra, Architects and Developers to build highly reliable and secure products.
Responsibilities
------------------
Threat modeling experience for any Web/Mobile/API Application/Service; prior experience of 1-2 years is desirable.
Expertise in one or more of the following areas:
+ API Security
+ Web Application Security
+ Mobile Application Security
Assist the Application Security Lead with Secure by Design reference architectures for developer adoption (Secure Architecture frameworks).
Build the SCA (Software Composition Analysis) map for all third-party dependency usage at scale and prioritize vulnerabilities based on EPSS and CISA KEV.
Vulnerability identification and remediation, with a focus on vulnerability prioritization using EPSS and CISA KEV.
Build a robust SSDLC pipeline and envision a frictionless experience for developers in the lifecycle, including but not limited to SAST, DAST and other security tools.
Work on findings evaluation, prioritization and fixing/mitigation at scale.
Implement the Data Security standard and work with Engineering on sensitive data leakage.
Work on providing proactive security best-practice evaluation and enforcement for third-party applications (COTS, Commercial Off-the-Shelf).
Contribute to the Security Champions program training modules.
Work with Cloud Security to improve Web App Firewall (WAF) fine-tuning for applications/services in use at Exotel.
Work on Security Incidents for Applications/Services across the ecosystem.
Requirements
------------------
Overall 5-7 years of relevant experience
Bachelor's degree in Computer Science or a related technical discipline, or equivalent practical experience.
Understanding of security frameworks and standards like OWASP and NIST. Solid understanding of security protocols, cryptography, authentication and authorization. Prior experience in solving any of the OWASP Top 10 is highly desirable.
Good understanding of Linux and Windows OS, the TCP/IP protocol stack and networking fundamentals, and security principles at all layers of the OSI stack.
Experience with API security, network security, cryptography, PKI and certificate management.
Experience with CI/CD tools including Git, Jenkins, Ansible, or similar.
Knowledge and experience in web application security testing, vulnerability assessment, penetration testing, and generating reports using tools like Burp Suite, Paros, AppScan, Wireshark, Nmap, and Nessus.
Advanced expertise in at least one language: Shell scripting/Python/Go/NodeJS.