FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Lead Assistant Manager – Application Security
EXLLead Assistant Manager - Application Security responsible for penetration testing and secure application development. Collaborate across teams to enhance security testing and ensure application integrity.
ATS Keywords
Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills
web application penetration testingmobile application security assessmentssource code security reviewsstatic analysisdynamic analysisreverse engineeringvulnerability triagethreat modellingsecure coding standardsscripting/automation
Soft Skills
collaborationcommunicationreport writingproblem-solvingprioritization
Tools & Technologies
Burp Suite ProMobSFFridaobjectiondrozerSemgrepSonarQubeCheckmarxVeracodeJenkins
Industry Keywords
OWASP Top 10API vulnerabilitiesDevSecOpsCI/CDSASTDASTSCAIaC securityvulnerability classessecurity champions programmes
Tech Stack
Tools & technologiesAndroidiOSJavaJavaScriptJenkinsPythonTerraformTypeScript
About the role
Key responsibilities & impact- Conduct manual and tool-assisted web application penetration testing (OWASP Top 10, business logic flaws, API vulnerabilities).
- Perform mobile application security assessments for Android and iOS (static & dynamic analysis, reverse engineering, OWASP MASVS/MSTG).
- Execute source code security reviews—both SAST-assisted and manual—across languages such as Java, Python, JavaScript/TypeScript, and others.
- Participate in grey-box assessments and targeted red-team exercises against internal and client-facing applications.
- Integrate and operate SAST, DAST, SCA, and container security tools within CI/CD pipelines (Jenkins, GitHub Actions).
- Configure and tune security tooling to reduce false positives and enforce actionable pipeline quality gates.
- Support IaC security reviews (Terraform, CloudFormation) and secrets management practices.
- Collaborate with platform engineering to embed security controls in build and deployment workflows.
- Triage, prioritise, and track vulnerabilities from discovery through verified closure.
- Produce clear, developer-friendly reports with reproducibility steps, severity ratings, and remediation guidance.
- Support development teams in understanding and fixing identified issues; re-test post-remediation.
- Maintain internal vulnerability registers and risk-tracking artefacts.
- Assist in threat modelling and secure design reviews for new features and services.
- Promote secure coding standards and OWASP best practices across development teams.
- Contribute to security champions programmes and developer awareness initiatives.
- Assist in securing AI/GenAI applications and APIs following defined security patterns.
Requirements
What you’ll need- 3–5+ years of hands-on experience in application security, penetration testing, or a closely related security engineering role.
- Demonstrated web application penetration testing proficiency (Burp Suite Pro, OWASP methodology, manual exploitation).
- Proven mobile application security testing experience for Android and/or iOS (MobSF, Frida, objection, drozer, APK/IPA analysis).
- Practical source code review capability—ability to identify security defects through manual inspection and SAST tooling (Semgrep, SonarQube, Checkmarx, Veracode).
- Familiarity with DevSecOps pipelines and security tool integration (SAST/DAST/SCA in CI/CD).
- Solid understanding of vulnerability classes: injection, authentication flaws, IDOR, XXE, SSRF, deserialization, cryptographic weaknesses.
- Scripting/automation capability for security tasks (Python, Bash, or equivalent).
Benefits
Comp & perks- Health insurance
- Retirement plans
- Paid time off
- Flexible work arrangements
- Professional development