7+ OWASP Jobs in Bangalore (Bengaluru) | OWASP Job openings in Bangalore (Bengaluru)
Apply to 7+ OWASP Jobs in Bangalore (Bengaluru) on CutShort.io. Explore the latest OWASP Job opportunities across top companies like Google, Amazon & Adobe.
About the role:
We are looking for a skilled and driven Security Engineer to join our growing security team. This role requires a hands-on professional who can evaluate and strengthen the security posture of our applications and infrastructure across Web, Android, iOS, APIs, and cloud-native environments.
The ideal candidate will also lead technical triage from our bug bounty program, integrate security into the DevOps lifecycle, and contribute to building a security-first engineering culture.
Required Skills & Experience:
● 3 to 6 years of solid hands-on experience in the VAPT domain
● Solid understanding of Web, Android, and iOS application security
● Experience with DevSecOps tools and integrating security into CI/CD
● Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models
● Familiarity with bug bounty programs and responsible disclosure practices
● Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov, etc.
● Good knowledge of API security
● Scripting experience (Python, Bash, or similar) for automation tasks
Preferred Qualifications:
● OSCP, CEH, AWS Security Specialty, or similar certifications
● Experience working in a regulated environment (e.g., FinTech, InsurTech)
Responsibilities:
● Perform Security reviews, Vulnerability Assessments & Penetration Testing for Web, Android, iOS, and API endpoints
● Perform Threat Modelling & anticipate potential attack vectors and improve security architecture on complex or cross-functional components
● Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities
● Conduct secure code reviews and red team assessments
● Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines
● Automate security checks using tools like SonarQube, Snyk, Trivy, etc.
● Maintain and manage vulnerability scanning infrastructure
● Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes.
● Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring
● Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines
● Triage bug bounty reports and coordinate remediation with engineering teams
● Act as the primary responder for external security disclosures
● Maintain documentation and metrics related to bug bounty and penetration testing activities
● Collaborate with developers and architects to ensure secure design decisions
● Lead security design reviews for new features and products
● Provide actionable risk assessments and mitigation plans to stakeholders
3+ years of experience in cybersecurity, with a focus on application and cloud security.
· Proficiency in security tools such as Burp Suite, Metasploit, Nessus, OWASP ZAP, and SonarQube.
· Familiarity with data privacy regulations (GDPR, CCPA) and best practices.
· Basic knowledge of AI/ML security frameworks and tools.
About us:
HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.
We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.
To know more, visit https://www.happyfox.com/
Responsibilities:
- Perform manual and automated application penetration tests and provide suggestions to harden our products
- Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
- Conduct regular audits on all Features/APIs of the product and report vulnerabilities to the development team
- Keep up with industry trends in the security space
- Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
- Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
- Scale our application security engineering team
Requirements:
- Strong verbal and written communication skills
- Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
- Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
- Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools
- OWASP Secure Code review, basic programming knowledge in any programming language, and knowledge of secure development practices.
- OWASP TOP 10 vulnerabilities and their mitigations
- Hands-on experience in Web Application Security Testing tools (SAST & DAST) and Penetration testing tools such as HP Fortify, Checkmarx, Acunetix, Nessus, Burp Suite, Metasploit, Qualys Guard, Kali Linux, etc.
- Understand/modify exploit code and find logical security flaws in applications
- Should have knowledge of and experience in Network Security, Application Security, Internet Security, and attack vectors.
- To carry out technical vulnerability assessments, identify potential vulnerabilities and provide recommended controls and support to mitigate them.
Your Impact:
• Implements Digital Consumer experiences based on a foundation of SFCC (Salesforce commerce cloud) to meet expected quality standards
• Ensures functional requirements and high-level solution designs are understood and are translated into detailed technical design
• Implement proofs of concept to prove any new technologies, application flows or integration scenarios and identify customizations needed to SFCC platform for meeting client requirements
• Guides the performance tuning and scalability of the ecommerce solution
• Diagnose and solve technical problems during implementation and support phases
Your Skills & Experience:
• 4-8 Years with 2+ years of implementing commerce application on any eCommerce platform in last 3 years
• If you have not worked in eCommerce platform, we can still discuss with you if you are expert in Java/.Net and understand REST/SOAP webservices.
• Demonstrate proficiency in build and release management using CI/CD strategies (leveraging tools like Jenkins and DevOps practices), implement Mocha/Chai unit and functional test cases in order to reduce costs while ensuring quality
• Contributes to designing, implementing and documenting the build release process as well as system configuration and deployment characteristics of the applications
• Participates in technical walkthroughs/ code reviews of other team members’ components, test plans and results and help them with gaps
• Collaborate with architect to define implementation processes and quality gates and standards
• Identifies risks and issues, and help monitor them
• Guides the development of reference and resource materials
• Mentors developers in improving their platform knowledge and development skills
• Communicate technical design to the developers and help/guide them in the implementation
• Participates in Agile sprints
Set Yourself Apart With:
• eCommerce platform certification
• Security considerations – OWASP, CSRF, reCAPTCHA etc. – Basic knowledge or experience
• Git Development workflow – Proficient
• Visual Studio Code IDE or Eclipse IDE - Proficient
• Knowledge of Agile methodology and desired tools like Jira, Confluence etc.
• Scripting/development experience with Node.js, Mocha/Chai
• Experience working in any Salesforce cloud environment like SFMC, SFSC etc.
• Excellent written, verbal communication and articulation skills & Good team player
• Self-starter and self-learner with keen interest to grow
• Process orientation and the ability to define and setup processes
• Ability to provide necessary coaching to bring team members up to speed on the technology
• Ability to prioritize and manage multiple tasks
• Excellent and innovative approach to problem solving and finding solutions
• Flexible and proactive/self-motivated working style with excellent personal ownership of problem resolution
Requirements:
- Overall experience in the field of Information risk and security related initiatives/ projects.
- Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
- Ability to understand business concepts and integrate business risk elements into security operations.
- Experience in conducting VAPT.
- Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
- Strong ethics and understanding of ethics in business and information security.
- Should have exposure to Code review, Network VA/PT and App VA/PT work.
- Understanding and familiarity with common code review methods and standards.
- Experience with code scanning toolsets such as Fortify and Ounce.
- Understanding of HTTP and web programming.
- Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
- In-depth understanding of the Common Vulnerabilities and Exposures (CVE)/CERT advisory databases.





