Lead - Application Security Engineer

Location: Bengaluru,Karnataka,India

About us

WeWork India is one of India’s leading flexible workspace operators – ‘Great Place To Wor
certified (Nov 2024 – Nov 2025), aimed at creating flexible workspace solutions for companies
of all sizes.

Since its inception in India in 2016, WeWork India has expanded across 63 operational centres
in Chennai, New Delhi, Gurugram, Noida, Mumbai, Bengaluru, Pune, and Hyderabad. WeWork
India meets distinct workspace needs, for various businesses. WeWork India strives to provide
customised and curated solutions for various office space needs through its products and solutions.

At WeWork India, we’re driven by collaboration, creativity, and a shared vision to redefine the
future of work. If you're looking to be part of a dynamic, fast-growing organisation that values
talent and fosters growth, join us and build your future with WeWork India.

For more information, please visit our website https://wework.co.in/

About the Role:

WeWork India is seeking a highly skilled Lead - Application Security Engineer to join our Information Security team. The ideal candidate will bring extensive experience in securing web and mobile applications, API security, and implementing robust security controls across the Software Development Lifecycle (SDLC). This role will involve close collaboration with the Engineering team to ensure the security of our application infrastructure and active engagement with security researchers through our Vulnerability Disclosure Program.

Key Responsibilities:

1. Application and API Security:

   - Design and implement security controls for web and mobile applications, as well as APIs.

   - Conduct secure code reviews and provide guidance to engineering teams on secure coding practices.

   - Evaluate and integrate security tools into CI/CD pipelines.

2. Secure SDLC Implementation:

   - Collaborate with the Engineering team to embed security throughout the SDLC.

   - Define and enforce application security standards and best practices.

   - Perform threat modeling and security risk assessments for new and existing applications.

3. Vulnerability Management

   - Manage the Vulnerability Disclosure Program by liaising with security researchers, validating findings, and coordinating remediation efforts with the Engineering team.

   - Track and prioritize vulnerabilities for resolution with the Engineering and Information Security teams.

   - Address vulnerabilities discovered during VA/PT assessments and work closely with the Engineering team to plug gaps, ensuring the security of our application and cloud posture.

4. Tooling and Automation:

   - Utilize and manage application security tools such as SAST, DAST, RASP, and WAF.

   - Automate security testing processes to enhance efficiency and coverage.

   - Maintain an inventory of security tools and ensure they are up-to-date and effectively integrated.

5. Incident Response and Compliance:

   - Assist in the investigation and response to application security incidents.

   - Ensure applications comply with relevant security standards and regulations.

   - Provide security input during audits and assessments.

6. Training and Awareness:

   - Conduct training sessions for developers on secure coding practices.

   - Develop resources and guidelines to promote a security-first culture within the Engineering team.

7. Stakeholder Collaboration:

   - Act as the primary point of contact between the Information Security and Engineering teams for application security matters.

   - Provide regular updates and reports to the Information Security Officer and other stakeholders.

Qualifications and Skills:

- Experience:

  - 5-6 years of experience in application security, with a strong focus on web and mobile applications and API security.

  - Proven experience working closely with engineering teams and integrating security into the SDLC.

- Technical Skills:

  - Proficient in SAST, DAST, RASP, WAF, and CI/CD tools (e.g., SonarQube, Burp Suite, Checkmarx, Veracode).

  - Familiarity with cloud security, particularly AWS and GCP environments.

  - Strong understanding of OWASP Top 10, SANS CWE Top 25, and related application security principles.

- Certifications:

  - Relevant certifications such as CSSLP, GSSP, CASE.

- Soft Skills:

  - Excellent communication and interpersonal skills.

  - Strong problem-solving abilities and attention to detail.

  - Ability to work collaboratively across teams and manage multiple priorities.

Equal Opportunity Employer

WeWork India is an Equal Opportunity and Affirmative Action Employer. We celebrate diversity and are committed to creating an inclusive environment for our employees and members. Employment decisions are made without regard to race, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, veteran status or other characteristics protected by law.

We expect all employees to embody our values and all aspects of employment including the decisions to hire and promote, are based on merit, competence, performance and business needs.

Our total rewards philosophy is aimed at providing compensation that is competitive, performance linked and helps us attract and retain the talent we need to drive our business forward and serve our members. As part of WeWork India, our commitment to you is that  you’ll be surrounded by career opportunities in a culture that fosters collaboration, flexibility and inclusion.