Job Title: Application Security Engineer

Experience: 5+ Years

Department: Technology – Information Security

Location: Chennai (Hybrid – 3 days from office)

Reporting To: Application Security Architect

Working Hours: Full Time (9 hours/day)

About Lebara

Lebara is a global telecommunications company, operating across Europe and several international markets under the MVNO model. Established in 2001, Lebara has evolved to serve over 4.7 million customers with affordable mobile solutions, combining reliable networks with excellent customer service.

We are on a transformation journey, moving from consolidation to rapid growth, with innovation and customer experience at the heart of our strategy.

Role Summary

The Application Security Engineer will play a key role in securing Lebara’s applications and services by integrating security standards into the software development lifecycle, conducting vulnerability assessments, penetration testing, and providing expert security guidance across technology teams.

Key Responsibilities

• Integrate security tools, standards, and practices into the product lifecycle (PLC).
• Perform vulnerability assessments and penetration testing for infrastructure, applications, services, and mobile apps.
• Provide manual penetration testing and gap analysis.
• Support incident response, architecture reviews, and vendor due diligence.
• Manage penetration testing services (in-house and external).
• Develop and maintain security improvement projects for application frameworks and perimeter defenses.
• Produce and present application security metrics and reports for stakeholders.
• Collaborate with developers and architects to drive secure coding practices and SSDLC adoption.

Skills & Experience

Must-Have Skills:

• Knowledge of OWASP Top 10, SANS 25, MITRE ATT&CK.
• Strong understanding of SSDLC, SOA, REST APIs, and API Gateways.
• Pen testing experience across IaaS, SaaS, PaaS, containers, and cloud services (AWS/Azure/GCP).
• Hands-on with penetration testing & vulnerability tools (Burp Suite, Rapid7 InsightVM, Tenable.io, OpenVAS, Kali Linux, Metasploit, Nmap, BloodHound, etc.).
• Proficiency in scripting languages (Python, Bash, PowerShell).
• Experience in Windows/Linux OS security, web servers (Apache/Unix).
• Strong knowledge of risk scoring systems (EPSS, CVSS) and compliance standards (CIS Benchmark, NIST).

Preferred Skills:

• Red Teaming experience (defense evasion, lateral movement, privilege escalation).
• Familiarity with external attack surface management.
• Security certifications (CISSP, OSCP, CEH, CSSLP).
• Basic coding experience (JavaScript, React, Node.js, .NET, or Java).