Job Description

Company Description
About IGT1 Lanka
IGT1 Lanka is a rapidly growing offshore technology and talent solutions company based in Port City Colombo. We are a fully owned subsidiary of IGT I Holdings Sweden AB, funded by the three of world's leading private equity firms; EQT Group, Hg, and TA Associates. We're also proud to be a sister company of IFS, Sri Lanka's largest and most established technology company.
At IGT1 Lanka, we partner with global businesses to scale operations, accelerate innovation, and build world-class SaaS platforms through high-quality offshore delivery. Our people-first culture champions diversity, teamwork, and continuous learning, creating an environment where talent thrives.
With a team of over 300 professionals and counting, we are always looking for passionate, skilled individuals who want to make a global impact while being part of something extraordinary.
Through our offshore collaboration model, you'll be embedded within the team of one of our esteemed international clients, contributing directly to high-impact, enterprise-level initiatives.
About Workwave
WorkWave is a field service management software that provides SaaS solutions for businesses in the service industry (HVAC, Plumbing & Electrical, Cleaning, Lawn & Landscape, Home Delivery, Logistics & Distribution). We empower these businesses to deliver exceptional customer experiences and grow their customer base on our efficient and easy-to-use platform.
WorkWave Team is looking for innovative Application Security Engineers who want to be part of a team of creative and talented individuals. Our teams are a mix of technologists, product managers, development engineers, and UI/UX designers, all working together to deliver our vision. You will be a part of our WorkWave team, helping to develop & support the WorkWave products.

The ideal candidate should have expertise in compliance and security standards such as PCI DSS, SOC, ISO, and Privacy Shield / Data Privacy Framework. Key responsibilities include ensuring the security of desktop, web, and mobile applications through vulnerability assessments, penetration testing, security scans, and architecture design reviews.
Responsibilities

• Ensure application security measures comply with industry standards (e.g., PCI DSS, SOC 2, ISO 27001). Maintain security policies and support compliance audits.
• Conduct regular vulnerability assessments and manage remediation. Implement and maintain vulnerability management tools.
• Perform penetration testing on desktop, web, and mobile applications. Document the findings and collaborate with development teams to implement fixes.
• Conduct regular security scans and audits using SAST, DAST, SCA, and IAST tools.
• Review application architecture for security best practices, Provide secure coding guidance and participate in release readiness reviews.
• Ensure data security through encryption and access controls. Implement data protection strategies and follow "Privacy by design" principles.
• Perform network vulnerability assessments and firewall audits, and address potential security weaknesses.
• Collaborate with cross-functional teams to integrate security into the SDLC.
• Provide security training and assist in developing incident response plans.

Qualifications

• Bachelor's degree in computer science, Information Security, or related field. Relevant certifications such as CEH, CHFI, Security+, CSSLP would be an added advantage.
• 4+ years of experience in application security, focusing on desktop, web, and mobile applications.
• Proven experience with compliance standards and frameworks (PCI DSS, SOC 2, ISO 27001, Privacy Shield).
• Hands-on experience with vulnerability assessment tools and techniques (Qualys, Blackduck, Polaris, BurpSuite, Nmap, Firewalls, WAF, IDS, IPS, Kali Linux).
• Strong background in penetration testing and security audits.
• Familiarity with SAST, DAST, SCA, and IAST tools.
• In-depth knowledge of application security principles, cryptography, authentication, and authorization.
• Experience with secure coding practices and application architecture design review.
• Ability to work independently and as part of a team.
• Strong analytical and problem-solving skills, with excellent communication and interpersonal abilities.

Additional Information
We believe that coming together as a community, in person, is important for innovation, connection and fostering a sense of belonging. Our roles have the right balance of remote and in-office working to enable flexibility for managing your life along with ensuring a real connection with your colleagues and the broader IFS community.