Security Researcher

at Appknox

Posted by Amrita Panigrahy
Remote, Bengaluru (Bangalore)
2 - 5 yrs
Best in industry
Full time
Web application security
Penetration testing
Mobile security
IT audit
Vulnerability assessment
IT security
IT security assessment


Appknox is one of the top Mobile Application security companies recognized by Gartner and G2. A profitable B2B SaaS startup headquartered in Singapore & working from Bengaluru.

The primary goal of Appknox is to help businesses and mobile developers secure their mobile applications with a focus on delivery speed and high-quality security audits.

Appknox has helped secure mobile apps at Fortune 500 companies with Major brands spread across regions like India, South-East Asia, Middle-East, US, and expanding rapidly. We have secured 300+ Enterprises globally.

We are a 40+ incredibly passionate team working to make an impact and help some of the biggest companies globally. We work in a highly collaborative, very fast-paced work environment. If you have what it takes to be part of the team, we are excited, and let’s speak further.

The Opportunity

To join the security team engaging with multiple clients, helping them with end-to-end security audits, also researching new topics and vulnerabilities to be added to the scanner, present research at conferences.

What An Ideal Candidate Would Look Like: 

  • Skills - Application Penetration Testing, experience with IoT testing, source code audits.
  • Technology Stack: Python
  • Responsibilities: Engage with clients for scoping call, perform security audits, and remediation call with clients to patch the issues, research on new technologies/vulnerabilities

Minimum Requirements

  • Should have at least 2 years of experience in security or show something that proves experience doesn’t matter
  • Must be comfortable with tools like burp suite, 
  • Strong Analytical Skills
  • Strong grasp of fundamentals of information security
  • Strong Grasp of Web and API Pen-Testing
  • Self-taught learner willing to read and keep up-to-date on technological changes and how they could be used
  • Can accurately define an issue and create detailed Proof-of-concept and write-up of the findings.
  • Provide appropriate remediation and mitigations of the identified vulnerabilities.



  • Security assessment of web applications.
  • Develop and interpret security standards and guides
  • Automation of security test cases
  • Understand and explain the results with impact on business and compliance status
  • Continuously learning and training on the latest tools and techniques



Work Expectations

Within 1 month

Training on processes, security workflow

Within 3 months

Pentesting Web, Mobile and API endpoints

Within 6 months

Research and publish whitepapers, contribute to the Appknox Web Scanner

Personality traits we really admire:-

  • A confident and dynamic working persona, which can bring fun to the team, and a sense of humor, is an added advantage.
  • Great attitude to ask questions, learn and suggest process improvements.
  • Has attention to detail and helps identify edge cases.
  • Highly motivated and coming up with fresh ideas and perspectives to help us move towards our goals faster.
  • Follow timelines and have an absolute commitment to deadlines.

Interview Process - would be team specific

  • Round 1 - Profile Evaluation
  • Round 2 - Appknox CTF Challenge
  • Round 3 -Technical Interview with security team members
  • Round 4 - Technical Interview with the CTO and Team Lead
  • Round 5 - HR Round


  •  As per Industry Standards

Why Join Us:-

  • Freedom & Responsibility: If you are a person who enjoys challenging work & pushing your boundaries, then this is the right place for you. We appreciate new ideas & ownership as well as flexibility with working hours.
  • Great Salary & Equity: We keep up with the market standards & provide pay packages considering updated standards. Also as Appknox continues to grow, you’ll have a great opportunity to earn more & grow with us. Moreover, we also provide equity options for our top performers.
  • Holistic Growth: We foster a culture of continuous learning and take a much more holistic approach to training and develop our assets: the employees. We shall also support you all on that journey of yours.
  • Transparency: Being a part of a start-up is an amazing experience, one of the reasons being open communication & transparency at multiple levels. Working with Appknox will give you the opportunity to experience it all first-hand.
Read more

About Appknox


Appknox, a leading mobile app security solution HQ'D in Singapore & Bangalore was founded by Harshit Agarwal and Subho Halder.

Since its inception, Appknox has become one of the go-to security solutions with the most powerful plug-and-play security platform, enabling security researchers, developers, and enterprises to build safe and secure mobile ecosystems using a system-plus human approach.

Appknox offers VA+PT solutions ( Vulnerability Assessment + Penetration Testing ) that provide end-to-end mobile application security and testing strategies to Fortune 500, SMB and Large Enterprises Globally helping businesses and mobile developers make their mobile apps more secure, thus not only enhancing protection for their customers but also for their own brand. 

During the course of 8 years, Appknox has scaled up to work with some major brands in India, South-East Asia, Middle-East, Japan, and the US and have also successfully enabled some of the top government agencies with its On-Premise deployments & compliance testing. Appknox helps 500+ Enterprises which includes 20+ Fortune 1000 and with ministries/regulators across 10+ countries and some of the top banks across 20+ countries.

A champion of Value SaaS, with its customer and security-first approach Appknox has won many awards and recognitions from G2, Gartner and is one of the top mobile app security vendors in its 2021 Application security Hype Cycle report. 

Our forward-leaning, pioneering spirit is backed by SeedPlus, JFDI Asia, Microsoft Ventures, and Cisco Launchpad and a legacy of expertise that began at the dawn of 2014.

Read more
Company video
Connect with the team
Subho Halder
Praseetha KR
Vaidyanath Balasubramanian
Sharat M
Anushka Tharad
Abhinav Vasisth
Prashant Raj
Raghunandan J
Siddharth Saxena
Gaurav Gupta
Suresh Kumar
Company social profiles
Why apply to jobs via Cutshort
Personalized job matches
Stop wasting time. Get matched with jobs that meet your skills, aspirations and preferences.
Verified hiring teams
See actual hiring teams, find common social connections or connect with them directly. No 3rd party agencies here.
Move faster with AI
We use AI to get you faster responses, recommendations and unmatched user experience.
Matches delivered
Network size
Companies hiring

Similar jobs

An Indian energy and power company.
Agency job
via Jobdost by Sathish Kumar
3 - 10 yrs
₹5L - ₹15L / yr
Network Security
Cyber Security
IT security
Web application security
Torrent Power is an Indian energy and power company, having interests in power generation, transmission, distribution and manufacturing and supply of power cables.

Security (AM/Executive)

• To design the security infrastructure / policies for the organisation, implement & monitor the same
• To ensure security compliance with respect to recommendations received from government agencies like CEA, NCIIPC
• Design, review, implement & monitor IT security related controls as part of Internal
• Controls, IFC, ERM
• ISMS certification (ISO 27001) for IT systems; this will include preparation and periodic review of policies and SOPs, regular trainings and maintaining records in prescribed formats
• Conducting internal security audit and generating reports by deploying VA tools
• Periodic security/VAPT audits and implementation of the findings
• IT security related new initiatives like - Security Operations Centre (SOC), Security Information and Event Management (SIEM), cloud security, EMM-enterprise mobility management
• Creating IT Security awareness within the organisation
Read more
5 - 10 yrs
₹7L - ₹15L / yr
Information security management system
Cyber Security
Risk Management
ISO/IEC 27000-series
+7 more
● Lead the Cyber Security, Data Privacy and IT Compliance
● Be a self-driven / quick starter, Have an ownership mindset,
Aggressively drive and deliver results
● Excellent understanding and working knowledge of cloud
based SAAS applications
● Interpret cybersecurity relevant regulatory and other
requirements, or best practices, and translate these to
business-aligned cybersecurity program requirement
● Manage the delivery of cybersecurity projects within
agreed scope, cost, and timescales.
● Input into the design and implementation of standards,
policies, guidelines, and appropriate architectural
principles to ensure the firm’s cyber security goals
continue to be met
● Provide risk-based direction in conjunction with IT Services
for future system enhancements in line with the overall
firm’s strategy
● Continuously evaluate capabilities and drive improvements
to ensure effective preparation, detection, containment,
investigation, remediation & recovery.
● Actively work with stakeholders such as DevOps,
Engineering team, and Infra team to drive solutions
Successful results.
● Highly developed knowledge of cyber security and risk
management principles, practices and project
management skills.
Read more
Remote only
2 - 8 yrs
₹15L - ₹50L / yr
Design review
Vulnerability assessment
Amazon Web Services (AWS)
Web application security
Secure SDLC
+1 more

About Drip Capital & Tech Team

The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide. 

Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.

Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.

Your Role 

As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :

  • Contribute to and improve secure SDLC practice
  • Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
  • Designing and implementing cloud and network security solutions.
  • Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
  • Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
  • Proactively identify vulnerabilities across our platform and work with developers in fixing them.
  • Automate and simplify security, as “Complexity is the enemy of Security”.
  • Handle Vulnerability Management and Patch Management processes.
  • Participate in the investigation related to Privacy/Security incidents and response activities.
  • Work with DevOps to implement the security tools and automation of the security tasks.
  • Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
  • Testing the deployed security solutions to make sure they function as planned.

Our Checklist 

  • A minimum of 4 years of experience as an AppSec Engineer
  • Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
  • Hands-on experience in secure code review and automation of common security workflows.
  • Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
  • Good understanding of OWASP and SANS testing methodologies.
  • Good understanding of software security weaknesses and vulnerabilities.
  • Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
  • Ability to contribute as an individual and as part of a team
  • Working knowledge of any scripting language; Python or Go preferred
  • Experience in writing custom tools/scanners/extenders is a plus
  • Red teaming experience is a plus

If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!

Read more
Posted by Human Resources
Remote only
1 - 4 yrs
₹6L - ₹8L / yr
Cyber Security
Web application security
Penetration testing
Vulnerability assessment
Vulnerability scanning

About us

Astra Security is a Techstars backed cybersecurity company building software as a service (SaaS) solutions to secure businesses. We are amongst the few technology startups that offer a suite of features such as on the cloud Pentest, Firewall, and Malware scanners in a well-packaged suite for small & medium enterprises. With an aim to offer a homogenous experience to its customers, Astra Security incorporates cutting-edge solutions that are easy to comprehend and tailor-made to suit any business requirement.

The company has earned several accolades including ‘The Most Innovative Security Company’ by Prime Minister Narendra Modi at the Global Conference on Cyber Security (2017), one of the top 50 emerging cybersecurity companies at ‘Emerge 50’ by NASSCOM, the French Tech Ticket under which Astra Security got rewarded by the President of France under the La French Tech program. In 2020, Astra Security was also named as a CyberTech100 company. Astra is a trusted security partner to some of the well-known brands like Vodafone, Lynas, Kotak Securities, Unilever, NIIT, TEDx, Muthoot, Ford, Gillette, etc.

We at Astra Security are looking for a security engineer with an experience in VAPT of web applications, mobile apps and network devices etc. Apart from core security skills, the soft skills of interacting with CXO’s/developers and preparing executive reports are a must. Having experience with bug bounties will be a great addition.You’ll get to work on Astra's next generation Pentest Suite which is loved by thousands of companies across the globe.

Experience Required:

  • Relevant certifications (we’re not a fan of these, but often clients request engineers with certifications)
  • 2+ years of experience in VA/PT

Job Responsibilities:

  • VA/PT for web apps, SaaS apps, network devices, open-source projects, mobile apps, etc.
  • Developing & testing rule sets for our pentest suite
  • Preparing pentest reports through Astra’s pentest suite

  • Interacting with clients over remediation calls
  • Explaining steps to fix to clients
  • Maintaining our vulnerability management system

Key Skills Required:

  • Web App Security (ZAP, Burp Suite, Manual & Automated Testing, Comfortable in Black Box/WhiteBox testing with capability of finding business logic vulnerabilities, OWASP testing guide)
  • Knowledge of how to set up & pentest CMSs like WordPress, Magento, OpenCart, Prestashop, Drupal, etc.
  • Knowledge of LAMP stack & PHP would be great to have

We Offer:

  • Adrenalin rush of being a part of a growing company
  • Holistic understanding of SaaS and enterprise cloud security business
  • Competitive compensation
  • Opportunity to engage and collaborate with developers globally
  • Annual trips to beaches or mountains
  • Amazing colleagues from top companies like Amazon, PwC, Bigbasket, Mobikwik, etc.
    Interactive calls/games :)
  • Remote-first company
Read more
Disruptive Digital Healthcare Platform
Agency job
via Unnati by Veena Salian
Bengaluru (Bangalore)
4 - 5 yrs
₹13L - ₹14L / yr
Internal audit
Information security
IT security
+1 more
Our client is the Health-tech initiative of India's largest business house. Started in 2015, it empowers healthcare providers and consumers in India. All healthcare monitoring services are made available through an app that will help connect doctors, hospitals, pharmacies, laboratories and consumers, enabling preventive and predictive healthcare. It helps the care-givers to track the entire patient journey from the initial appointment and maintaining their records, generating lab test reports to providing virtual consultation and home-care solutions. It is expected that this futuristic guide will strengthen doctor-patient relationship and enhance the in-clinic experience.
As a Associate/ Sr Associate-Information Security, you will be responsible for helping the management in creating IT policies and assisting the various processes and the management team to ensure adherence to the adopted policies and established procedures.

What you will do:

  • Working closely with the external auditors to achieve common goals
  • Conducting Enabling Service Audit (HR, Admin, IT) once in 6 months for the verification of ISMS & QMS Standards
  • Performing ISMS and Internal Audit
  • Being part of the external Audits (ISMS, QMS & CMMI)
  • Managing of implementation of ISMS


Desired Candidate Profile

What you need to have:

  • Strong communication and team building skills with proficiency at grasping new technical concepts quickly and utilizing the same in a productive manner
  • Experience in ISO27001, Internal Audits, CMMI    


Read more
Posted by Hema Chandwani
Bengaluru (Bangalore)
5 - 8 yrs
₹9L - ₹15L / yr
Shell Scripting
Cyber Security
Endpoint protection
Web application security
Information security
+1 more

Desired Skills

To have skills:

·       Proven technical expertise in cyber security domains, i.e. endpoint security, application security testing.

·       Knowledge and experience in public cloud solutions.

·       Knowledge on network security, networking concepts and architectural implementations.

·       Knowledge on vulnerability testing and define proper remediation’s.
Experience with application, database, and infrastructure security.

·       Shell scripting experience - Shell/Bash/Python.

·       Working experience of Linux operation.


Desire to have skills:

·       One or more of the following cyber security certifications: CEH, CISSP, OSCP, SSCP  CCSP.

·       Excellent problem solving, and follow-up skills.

·       Ability to convey technical security concepts to non-technical audiences.

Read more
this IT company is looking for candidates for this profile.
Agency job
via IT company by Damini Rautela
7 - 12 yrs
₹10L - ₹18L / yr
IT security
Security Information and Event Management (SIEM)
Information security
+3 more
Job Description
IT Security Manager- 8-12 Years

NOTE - We are looking for those candidates who can join immediately or within 15-20 days of the notice period.
Key Responsibilities:
• Lead IT security projects including design and implementation of security infrastructure &software
• Experience working with Linux/UNIX administration"

• Define next gen IT security strategy, architecture, and processes for the group
• Analyse business requirements by partnering with key stakeholders across the organization to develop security solutions
• Lead validation of BCP & DR as per the organizational needs
• Experience with framing apolicies, processes and procedures and their implementation of IT Security for both On premise and Cloud infrastructure
• Write or review security-related documents, such as incident reports, proposals, and tactical or strategic initiatives.
• Maintain and manage security for all existing and new IT infrastructure and Applications
• Monitor security performance of information technology systems to drive cost and productivity levels, and to make recommendations for improving & standardization of the IT infrastructure
• Develop strategies for infra and application hardening
• Hands on experience with implementation of various security products & infrastructure
• Testing, troubleshooting, and modifying and ensure no performance impact on the systems so that they operate effectively
• Prepare plan and strategies to ensure security of the organization including both high and low risk events.
• Develop budgets for security operations and new initiatives.
• Coordinate security operations, Audit & Compliance activities along with law enforcement and government agencies.
• Ensure completeness of documentation and have exposure to ISO 27001, ISMS policies
• Work with key IT service providers to ensure industry standard platform, network and endpoint security posture
Key Skills required:
• Critical Infrastructure Management- (Manage SPI, Certification resources and infrastructure)
• WAF – Barracuda, Cloudflare, Akamai
• Cloud Security – AWS and Azure are preferred
• Work with Software and teams in resolving vulnerabilities
• SSL and PKI infrastructure management
• SIEM – Event Management, Endpoint Management, Threat analysis, patch Management
• Anti-Virus (VDC and Global Endpoints)- Web content filtering, Definition updates,
• Time Monitoring – system health checks and resource utilization checks, SIEM log analysis
• Log Monitoring and Log Analysis – collect, alert, store, search, report and share system and WAF logs
• Manage compliance – PCI, ISO
• Ability to work in global environments with teams spread globally
• Multi-tasking and time-management skills, with the ability to prioritize tasks.
• Highly organized and detail oriented.
• Excellent analytical and problem-solving skills.
• Experience with framing policies, processes and procedures and their implementation of IT Security for both On premise and Cloud infrastructure
experience with policies
• blue team (any experience with defending the network)
any experience with vulnerability assessment and PT
Read more
this It company is hiring for this profile
Agency job
via IT company by Damini Rautela
2 - 3 yrs
₹7L - ₹8.5L / yr
IT security
Security Information and Event Management (SIEM)
+3 more

NOTE- we are looking for hose who can join  immediately or within notic period of 15-20days.
(wfh till pandemic)
• Job Scope
o Analyse incident in our security devices, conducting investigation and finding the
root cause of incidents.
o Managing endpoint detection security system
o Managing, configuration and fine tuning of on-prem firewall and WAF
o Provide and advise IT team on security and IT related issues such as network
configuration, firewall configuration, etc
o Ensuring all utilized cloud services are secured and the configuration comply to best
practices benchmark
o Communicate risk and recommendations to mitigate risk to the senior
administration by communicating in non-technical format
o Assists other department to ensure regulatory compliance to any necessary
• Minimum Requirements
o At least 2 years of experiences in managing endpoint detection system, WAF and
o Hands on experience on cloud environment preferably Microsoft Azure.
o Bachelor’s degree of any IT related courses.
o Strong understanding of incident detection and response process and procedure
o Strong knowledge in networking and in operating system such as
Read more
Bengaluru (Bangalore)
8 - 12 yrs
₹20L - ₹22L / yr
Cyber Security
Security Information and Event Management (SIEM)
Security architecture
+14 more

Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption 
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting

Read more
Posted by Ponmuthumari Mohan
Bengaluru (Bangalore)
3 - 9 yrs
₹8L - ₹12L / yr
Web application security


  • Overall experience in the field of Information risk and security related initiatives/ projects.
  • Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
  • Ability to understand business concepts and integrate business risk elements into security operations.
  • Experience in conducting VAPT.
  • Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
  • Strong ethics and understanding of ethics in business and information security.
  • Should have exposure to Code review, Network VA/PT and App VA/PT work.
  • Understanding and familiarity with common code review methods and standards.
  • Experience with code scanning toolsets such as Fortify and Ounce.
  • Understanding of HTTP and web programming.
  • Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
  • Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
  • In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.
Read more
Did not find a job you were looking for?
Search for relevant jobs from 10000+ companies such as Google, Amazon & Uber actively hiring on Cutshort.
Get to hear about interesting companies hiring right now
iconFollow Cutshort
Want to apply to this role at Appknox?
Why apply via Cutshort?
Connect with actual hiring teams and get their fast response. No spam.
Learn more
Get to hear about interesting companies hiring right now
iconFollow Cutshort