Associate Security Engineer (AppSec / Infra Security)

Role Description We are looking for a passionate and experienced Associate Security Engineer (AppSec / Infra Security) to join our growing team at CoreShield Technologies. In this Onsite role based in Bangalore, You will work closely with engineering and DevOps teams to secure applications, infrastructure, and on-prem deployments. This role is execution-heavy — ideal for someone who has Experience and wants to build security into real systems.

Key Responsibilities Perform penetration testing (web, API, network) and identify vulnerabilities Conduct security assessments and risk analysis for applications and infrastructure Work on network security controls (firewalls, VPNs, IDS/IPS) Identify and validate vulnerabilities like OWASP Top 10, misconfigurations, auth flaws, insecure APIs Collaborate with backend/dev teams to fix vulnerabilities and implement secure coding practices Assist in implementing EDR, endpoint security, disk encryption, and device hardening Support incident analysis, log review, and threat detection Contribute to secure SDLC practices (SAST, DAST, dependency scanning) Document findings, prepare security reports , and track remediation Required Qualifications Bachelor’s degree in Computer Science, Engineering, or related field 2+years of strong backend engineering experience Strong understanding of networking fundamentals (TCP/IP, DNS, HTTP/HTTPS, routing, NAT) Hands-on experience with penetration testing / VAPT tools Knowledge of OWASP Top 10 vulnerabilities and exploitation techniques Familiarity with tools like: Burp Suite, Nmap, Metasploit Basic understanding of Linux systems and shell usage Understanding of authentication mechanisms (JWT, OAuth, session-based auth) Exposure to firewalls / IDS/IPS / VPN concepts Good to Have Experience with Wireshark or traffic analysis Exposure to cloud security (GCP/AWS) Understanding of DevSecOps tools like OWASP ZAP , Trivy Basic scripting (Python / Bash) for automation Knowledge of encryption basics and TLS What We’re Looking For Someone who has actually tested systems , not just theoretical knowledge Strong problem-solving mindset and ability to think like an attacker Ownership mindset — ability to drive issues to closure Comfortable working in a fast-paced, on-prem + product environment