EXL

Lead Assistant Manager – Application Security

The Lead Assistant Manager - Application Security is responsible for penetration testing and secure application development, and collaborates across teams to enhance security testing and ensure application integrity.

Posted 6/19/2026 | full-time | Noida • 🇮🇳 India | Senior

Tech Stack

Tools & technologies
Android, iOS, Java, JavaScript, Jenkins, Python, Terraform, TypeScript

About the role

Key responsibilities & impact
  • Conduct manual and tool-assisted web application penetration testing (OWASP Top 10, business logic flaws, API vulnerabilities).
  • Perform mobile application security assessments for Android and iOS (static & dynamic analysis, reverse engineering, OWASP MASVS/MSTG).
  • Execute source code security reviews—both SAST-assisted and manual—across languages such as Java, Python, JavaScript/TypeScript, and others.
  • Participate in grey-box assessments and targeted red-team exercises against internal and client-facing applications.
  • Integrate and operate SAST, DAST, SCA, and container security tools within CI/CD pipelines (Jenkins, GitHub Actions).
  • Configure and tune security tooling to reduce false positives and enforce actionable pipeline quality gates.
  • Support IaC security reviews (Terraform, CloudFormation) and secrets management practices.
  • Collaborate with platform engineering to embed security controls in build and deployment workflows.
  • Triage, prioritise, and track vulnerabilities from discovery through verified closure.
  • Produce clear, developer-friendly reports with reproducibility steps, severity ratings, and remediation guidance.
  • Support development teams in understanding and fixing identified issues; re-test post-remediation.
  • Maintain internal vulnerability registers and risk-tracking artefacts.
  • Assist in threat modelling and secure design reviews for new features and services.
  • Promote secure coding standards and OWASP best practices across development teams.
  • Contribute to security champions programmes and developer awareness initiatives.
  • Assist in securing AI/GenAI applications and APIs following defined security patterns.

Requirements

What you’ll need
  • 3–5+ years of hands-on experience in application security, penetration testing, or a closely related security engineering role.
  • Demonstrated web application penetration testing proficiency (Burp Suite Pro, OWASP methodology, manual exploitation).
  • Proven mobile application security testing experience for Android and/or iOS (MobSF, Frida, objection, drozer, APK/IPA analysis).
  • Practical source code review capability—ability to identify security defects through manual inspection and SAST tooling (Semgrep, SonarQube, Checkmarx, Veracode).
  • Familiarity with DevSecOps pipelines and security tool integration (SAST/DAST/SCA in CI/CD).
  • Solid understanding of vulnerability classes: injection, authentication flaws, IDOR, XXE, SSRF, deserialization, cryptographic weaknesses.
  • Scripting/automation capability for security tasks (Python, Bash, or equivalent).

Benefits

Comp & perks
  • Health insurance
  • Retirement plans
  • Paid time off
  • Flexible work arrangements
  • Professional development

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
web application penetration testing, mobile application security assessments, source code security reviews, static analysis, dynamic analysis, reverse engineering, vulnerability triage, threat modelling, secure coding standards, scripting/automation
Soft Skills
collaboration, communication, report writing, problem-solving, prioritization