Security Analyst (AppSec)

We are looking for a Security Analyst I – Application Security with strong hands-on experience in testing Web, Mobile, and API security. This role requires independent execution of AppSec engagements, in-depth vulnerability analysis, and active collaboration to improve the application security posture. Key Responsibilities Independently perform Application Security Testing and Penetration Testing for: Web applications Thick clients Web services and APIs Conduct end-to-end Mobile Application Security Assessments for Android and iOS platforms. Perform API security testing, including authentication, authorization, and business logic validation. Execute Static Code Analysis (SAST) and manual secure code reviews to identify vulnerabilities early in the SDLC. Execute Static Application Security Testing or Secure code Review with tools such as Checkmarx, HCL App Scan, or Similar. Analyze, validate, and prioritize vulnerabilities based on risk and exploitability. Prepare detailed technical and executive-level security reports for clients. Work closely with internal/external teams to explain findings, recommend secure coding practices, and validate remediation. Stay updated with the latest vulnerabilities, tools, and attack techniques in application security. Requirements Requirement: 2+ years of work experience in Application Security Testing Strong understanding of OWASP Top 10, OWASP Mobile Top 10, and API security risks. Proven experience exploiting vulnerabilities such as SQL Injection, XSS, IDOR, SSRF, CSRF, authentication flaws, and business logic issues. Good To Have: Hands-on expertise with:Burp Suite (advanced usage for testing and exploitation) & Checkmarx / Fortify or similar SAST tools. Good understanding of secure SDLC, application architecture, and modern authentication mechanisms (OAuth, JWT, etc.). Ability to communicate complex technical issues clearly to both technical and non-technical stakeholders. Strong English communication and documentation skills. Preferred Certifications CREST (Council of Registered Ethical Security Testers) CEH (Certified Ethical Hacker) – Acceptable alternative Benefits Why You'll Enjoy Working at Kratikal: Get the fast learning and exciting environment of a startup, combined with the stable work and strong performance of a bigger company. There's lots of room to learn, grow, and share your ideas. We also provide good benefits like health insurance, a gratuity payment, and Employees' Provident Fund (a savings plan for your future). We are an equal opportunity employer, where everyone has a fair chance. About Us: Kratikal Tech Limited is a leading B2B cybersecurity firm offering cutting-edge cybersecurity solutions and services such as Network Security Audits, Compliance Implementation, IoT Security, and VAPT. Serving over 150+ enterprise customers and 1825+ SMEs across industries, including E-commerce, Fintech, BFSI, NBFC, Telecom, Consumer Internet, Cloud Service Platforms, Manufacturing, and Healthcare, Kratikal is dedicated to helping organizations combat cybercriminals using advanced, technology-driven cybersecurity solutions. The company also develops in-house cybersecurity products, including AutoSecT, competing with industry giants, alongside TSAT (Threatcop Security Awareness Training), TDMARC (Threatcop DMARC), TLMS (Threatcop Learning Management System), and TPIR (Threatcop Phishing Incident Response). These products have received numerous awards and recognitions for their innovation and effectiveness. Kratikal has been honored as the Top Cyber Security Startup at the 12th Top 100 CISO Awards. With a global reach, Kratikal collaborates with renowned organizations to secure their digital landscapes. For more information, visit our websites at www.kratikal.com and www.threatcop.com.