Lead Application Security Engineer

• →Perform application security testing across Web, API, Mobile (Android & iOS), TV and Cloud services, including vulnerability assessments and penetration testing.
• →Validate and triage security findings through exploit verification and risk‑based severity assessment.
• →Own and operate CI/CD security controls, including SAST, DAST, SCA, secrets scanning, and IaC scanning.
• →Build and maintain security gates (e.g., Chekmarx or equivalent) with a focus on automation, accuracy, and developer usability.
• →Conduct manual security code reviews for APIs and services written in Java, Python, and Node.js.
• →Review application designs for authentication, authorization, data protection, and API security best practices.
• →Automate security workflows using scripts and APIs to standardize testing and reduce manual effort.
• →Partner with engineering teams to drive timely, risk‑appropriate remediation and prevent repeat vulnerabilities.

• Apply AI Secure SDLC practices for LLM-based features, including prompt design, tool/function usage, and safe integration patterns.
• Assess and mitigate OWASP LLM Top 10 risks.
• Review and maintain secure prompt templates, including system prompt hardening and context scoping.
• Implement practical AI guardrails (output validation, policy checks, basic jailbreak and abuse detection).
• Perform AI red teaming and adversarial testing using tools such as Garak, PyRIT, and custom test cases.
• Review RAG implementations to ensure authorization-aware retrieval, tenant isolation, and reduced data leakage risk.
• Identify and reduce sensitive data exposure risks in embeddings and ingestion pipelines.
• Conduct AI-focused threat modeling using OWASP LLM Top 10, STRIDE, and MITRE ATLAS as reference frameworks.

What We’re Looking For (Required)

• Minimum 7 years of experience in Application Security, Penetration Testing, DevSecOps, or Security Engineering.
• Proven hands-on ability with SAST/DAST/SCA, CI/CD security gates, and vulnerability triage/remediation workflows.
• 2–3 years’ experience building and managing security gating in Checkmarx (or equivalent).
• 2–3 years’ experience performing manual security code review (APIs/services; common languages: Java/Python/Node.js).
• Familiarity with OAuth2, OIDC, JWT, mTLS, API gateways, and service-to-service identity.
• Strong knowledge of OWASP Top 10 Mobile, OWASP Top 10 LLM.
• Strong experience with common testing tools: Burp Suite, OWASP ZAP, SQLMap, Kali (and similar).
• Scripting/automation skills using Python, plus Bash/PowerShell familiarity.
• Working knowledge of Docker/Kubernetes, cloud-native patterns, and secrets management basics.
• Solid communication skills—ability to write clear findings, influence engineering decisions, and partner effectively.

• Hands-on familiarity with LLM integrations and Python AI ecosystems (e.g., LangChain / orchestration frameworks).
• Understanding of RAG pipelines and vector database concepts (e.g., Pinecone, FAISS, Milvus or equivalent).
• Ability to design/validate guardrails (policy allow/deny, jailbreak detection, output validation, safe tool calling).
• Familiarity with AI security testing patterns (prompt injection testing, data leakage testing, agent/tool abuse testing).

• Bug bounty / responsible disclosure recognition (Hall of Fame, awards).
• Experience deploying and scaling open-source security tools in production.
• Certifications: OSCP, OSCE, GWAPT, GPEN, CSSLP
• Any AI security-focused training (LLM security, RAG security, adversarial testing, ATLAS/LLM Top 10 programs).

At InMobi, culture isn’t a buzzword; it's an ethos woven by every InMobian, reflecting our diverse backgrounds and experiences.

We thrive on challenges and seize every opportunity for growth. Our core values — thinking big, being passionate, showing accountability, and taking ownership with freedom — guide us in every decision we make.

We believe in nurturing and investing in your development through continuous learning and career progression with our InMobi Live Your Potential program.

InMobi is proud to be an Equal Employment Opportunity employer and is committed to providing reasonable accommodations to qualified individuals with disabilities throughout the hiring process and in the workplace.

Visit https://www.inmobi.com/company/careers to better understand our benefits, values, and more!