Job Description

Overview:

Job Title:

Product / Application Security Engineer

----------------------------------------------------------

Location: Bengaluru (On-Site)

Department:

Product Security / Engineering

Reports To:

Product Security Lead / Director of Security / CISO###

About the Role

We are seeking a passionate

Product/Application Security Engineer

to help design, build, and maintain secure applications across our product portfolio. You will work closely with developers, architects, and DevOps teams to ensure security is embedded throughout the Software Development Life Cycle (SDLC).
This role bridges

offensive and defensive security

, requiring hands-on experience with secure design, code review, threat modeling, Penetration testing and vulnerability remediation -- helping the organization "build security in" from concept to deployment.###

Key Responsibilities

Perform

application security assessments

, including manual and automated testing for web, API, Infrastructure and mobile platforms. Collaborate with developers and architects to integrate

security controls and best practices

into CI/CD pipelines. Conduct

secure code reviews

,

threat modeling

, and

design reviews

for new and existing products. Build and maintain

security automation

, leveraging tools like Burp Suite, ZAP, Trivy, Snyk, SonarQube, or custom scripts. Support

DevSecOps initiatives

--integrating static, dynamic, and dependency scanning into build pipelines. Work with Product and Engineering teams to triage and remediate vulnerabilities found through penetration tests, bug bounty reports, or customer findings. Assist in basic

security reviews for AI-integrated features

, such as validating API access controls and protecting inference endpoints. Support investigation of

prompt injection or model abuse scenarios

in LLM-driven applications (when applicable).
###

Required Qualifications

Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience). 2-4 years of hands-on experience in

application or product security and penetration testing

. Strong understanding of

OWASP Top 10

,

SANS CWE-25

, and modern web/mobile security practices. Familiarity with

SDLC, CI/CD

, and tools such as GitHub Actions. Working knowledge of

cloud security (AWS, GCP, Azure)

and containerized environments (Docker, Kubernetes). Experience using tools like

Burp Suite, ZAP, Nmap, SonarQube, Veracode, or Checkmarx

.
###

Preferred Skills

Familiarity with

threat modeling frameworks

(STRIDE, PASTA, LINDDUN). Experience developing

security automation

in CI/CD. Certifications such as OSWE or CEH are a plus- Not mandatory Strong communication and documentation skills -- ability to translate technical risks into business impact.

What's in it for you?

Aptean offers competitive pay and robust benefit plans along with the opportunity to


grow your career in a fast-paced, flexible and casual environment, an outstanding


opportunity for career development and growth.

About Aptean

At Aptean, our mission is to solve tomorrow's unique challenges today with unrivaled,


purpose-built software and superior customer experiences from people who care.


Aptean is a global provider of mission-critical, industry-specific software solutions.


Aptean' s purpose-built ERP and supply chain management solutions help address the


unique challenges facing process and discrete manufacturers, distributors and other


focused organizations. Aptean' s compliance solutions are built for companies serving


specific markets such as finance, healthcare, biotech and pharmaceuticals, over 10,000


highly specialized organizations in more than 20 industries and 80 countries rely on


Aptean to streamline their everyday operations.



"At Aptean, our global and diverse employee base is our greatest asset. It is through


embracing and understanding our differences that we are able to harness our individual


power to maximize the success of our customers, our employees and our company." -

TVN Reddy



Aptean pledges to promote a company culture where diversity, equity and inclusion are

central. We are committed to applying this principle as we interact with our customers,

build our teams, cultivate our leaders and shape a company in which any employee can

succeed, regardless of race, color, sex, national origin, sexuality and gender identity,

religion, disability or age. Celebrating our diverse experiences, opinions and beliefs

allows us to embrace what makes us unique and to use this as an asset in bringing

innovative solutions to our customer base.