Senior / Lead Application Security Engineer - (IGT1 Lanka: Workwave)

Colombo, WP, Sri Lanka

IFS


Company Description

About IGT1 Lanka 

IGT1 Lanka is a rapidly growing offshore technology and talent solutions company based in Port City Colombo. We are a fully owned subsidiary of IGT I Holdings Sweden AB, funded by three of the world’s leading private equity firms: EQT Group, Hg, and TA Associates. We’re also proud to be a sister company of IFS, Sri Lanka’s largest and most established technology company.

At IGT1 Lanka, we partner with global businesses to scale operations, accelerate innovation, and build world-class SaaS platforms through high-quality offshore delivery. Our people-first culture champions diversity, teamwork, and continuous learning, creating an environment where talent thrives. 

With a team of over 300 professionals and counting, we are always looking for passionate, skilled individuals who want to make a global impact while being part of something extraordinary. 

Through our offshore collaboration model, you'll be embedded within the team of one of our esteemed international clients, contributing directly to high-impact, enterprise-level initiatives. 

About WorkWave

WorkWave is field service management software that provides SaaS solutions for businesses in the service industry (HVAC, Plumbing & Electrical, Cleaning, Lawn & Landscape, Home Delivery, Logistics & Distribution). We empower these businesses to deliver exceptional customer experiences and grow their customer base on our efficient and easy-to-use platform.

The WorkWave team is looking for innovative Application Security Engineers who want to be part of a team of creative and talented individuals. Our teams are a mix of technologists, product managers, development engineers, and UI/UX designers, all working together to deliver our vision. You will be a part of our WorkWave team, helping to develop and support the WorkWave products.

Job Description

The ideal candidate should have expertise in compliance and security standards such as PCI DSS, SOC, ISO, and Privacy Shield / Data Privacy Framework. Key responsibilities include ensuring the security of desktop, web, and mobile applications through vulnerability assessments, penetration testing, security scans, and architecture design reviews. 

Responsibilities  

  • Ensure application security measures comply with industry standards (e.g., PCI DSS, SOC 2, ISO 27001). Maintain security policies and support compliance audits.  
  • Conduct regular vulnerability assessments and manage remediation. Implement and maintain vulnerability management tools. 
  • Perform penetration testing on desktop, web, and mobile applications. Document the findings and collaborate with development teams to implement fixes. 
  • Conduct regular security scans and audits using SAST, DAST, SCA, and IAST tools. 
  • Review application architecture for security best practices. Provide secure coding guidance and participate in release readiness reviews.
  • Ensure data security through encryption and access controls. Implement data protection strategies and follow “Privacy by design” principles. 
  • Perform network vulnerability assessments and firewall audits, and address potential security weaknesses. 
  • Collaborate with cross-functional teams to integrate security into the SDLC.  
  • Provide security training and assist in developing incident response plans. 

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related field. Relevant certifications such as CEH, CHFI, Security+, or CSSLP would be an added advantage.
  • 4+ years of experience in application security, focusing on desktop, web, and mobile applications. 
  • Proven experience with compliance standards and frameworks (PCI DSS, SOC 2, ISO 27001, Privacy Shield). 
  • Hands-on experience with vulnerability assessment tools and techniques (Qualys, Black Duck, Polaris, Burp Suite, Nmap, Firewalls, WAF, IDS, IPS, Kali Linux).
  • Strong background in penetration testing and security audits.  
  • Familiarity with SAST, DAST, SCA, and IAST tools.  
  • In-depth knowledge of application security principles, cryptography, authentication, and authorization. 
  • Experience with secure coding practices and application architecture design review. 
  • Ability to work independently and as part of a team.  
  • Strong analytical and problem-solving skills, with excellent communication and interpersonal abilities. 

Additional Information

We believe that coming together as a community, in person, is important for innovation, connection and fostering a sense of belonging. Our roles have the right balance of remote and in-office working to enable flexibility for managing your life along with ensuring a real connection with your colleagues and the broader IFS community.


Tags: Application security Audits Burp Suite CEH CHFI Compliance Computer Science Cryptography CSSLP DAST Encryption Firewalls IAST IDS Incident response IPS ISO 27001 Kali Linux Nmap PCI DSS Pentesting Privacy Qualys SaaS SAST SDLC SOC SOC 2 Vulnerability management

Perks/benefits: Career development

Region: Asia/Pacific
Country: Sri Lanka
