Application Security Engineer
Role summary by JobGrid
Application Security Engineer at bottomlinetechnologies in India, India, with a hybrid workplace. JobGrid presents the normalized role facts from the provided source, keeps the employer content separate, and links candidates to the original public application page with non-personal referral parameters.
- Source posted: 2026-05-29; last checked: 2026-05-31, so the page reflects recent source verification.
- Workplace is listed as hybrid; location is India, India.
- Work language is English; no employment type, seniority, category, or salary was provided in the payload.
- JobGrid preserves the original-language boundary and shows a comparable classification only from structured source facts, not inferred details.
Why Choose Bottomline?
Are you ready to transform the way businesses pay and get paid? Bottomline is a global leader in business payments and cash management, with over 35 years of experience and moving more than $16 trillion in payments annually. We're looking for passionate individuals to join our team and help drive impactful results for our customers. If you're dedicated to delighting customers and promoting growth and innovation - we want you on our team!
As an Application Security Engineer, you will play a critical role in strengthening the organisation’s application security posture by supporting our penetration testing and application code scanning programmes. This role is responsible for identifying vulnerabilities, analysing security patterns and behaviours, and contributing to the continuous improvement of secure development practices across the software lifecycle.
You will work closely with Product, Engineering, and Security teams to proactively identify and reduce risk exposure, supporting our threat exposure management approach across all applications. The role requires strong technical expertise combined with the ability to communicate complex security risks clearly and effectively to both technical and non-technical stakeholders.
Essential Functions and Responsibilities:
- Orchestrate application penetration testing across web, API, and service-based architectures
- Support application security scanning tools (SAST, SCA, DAST) and CI/CD pipeline integration
- Analyse vulnerabilities to identify patterns, behaviours, and root causes, not just individual findings
- Support prioritisation and provide guidance for remediation based on risk and threat exposure
- Contribute to improving coverage, consistency, and reliability of application security testing
- Support multiple projects and initiatives in parallel
Required Experience & Qualifications
- 3+ years’ experience in Application Security, Penetration Testing, or Secure Code Scanning
- Hands-on experience with penetration testing techniques and tools
- Experience with application security scanning platforms (SAST, SCA, DAST)
- Strong understanding of common vulnerability patterns (e.g. OWASP Top 10)
- Knowledge of modern environments (APIs, microservices, CI/CD pipelines)
- Strong analytical, problem-solving, and communication skills
Preferred Experience & Qualifications
- Experience with platforms such as Veracode, Burp Suite, OWASP ZAP, or similar
- Understanding of risk-based or threat exposure management models
- Experience working with development teams in secure coding practices
- Relevant certifications such as:
OSCP, OSWE, GWAPT, GPEN, CEH, CSSLP, CISSP or CISM
Note: This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the position.
We welcome talent at all career stages and are dedicated to understanding and supporting additional needs. We're proud to be an equal opportunity employer, committed to creating an inclusive and open environment for everyone.