Engineering | Full-time
Job Summary
We are looking for a mid-to-senior level Application Security Engineer to own the security
posture of our web, mobile, and AI-driven ecosystems. You are expected to operate with high
autonomy, moving beyond simple checklist-based testing to proactive threat modeling and
automated defense. You will collaborate with engineering teams to ensure our rapid deployment
cycle remains secure by design.
Key Responsibilities:
1. Advanced Application Security & Pentesting
● Conduct deep-dive manual and automated penetration testing on Web, Mobile
(iOS/Android), and API layers.
● Master the OWASP Top 10 and SANS 25 frameworks to identify and remediate complex
logic flaws.
● Perform manual code reviews for high-risk features in Node.js and Python.
2. Cloud & Infrastructure (AWS Focus)
● Audit and harden AWS environments, focusing on IAM least-privilege policies and VPC
security.
● Secure serverless architectures (Lambda) and containerized workloads
(Kubernetes/Docker).
● Implement and monitor AWS security services like GuardDuty, Security Hub, and
Inspector.
3. Emerging Tech: AI & Low-Code Security
● AI Agents: Conduct security assessments for LLM-based features, protecting against
prompt injection, data leakage, and insecure output handling (OWASP for LLMs).
● Low-Code/No-Code: Establish governance and security reviews for internal tools (e.g.,
Retool, Zapier) to prevent unauthorized data exposure.
● API Integrity: Secure the machine-to-machine communication between our AI agents
and core healthcare microservices.
4. DevSecOps & Automation
● Integrate and manage SAST, DAST, and SCA tools (Snyk, Burp Suite, SonarQube)
directly into the CI/CD pipeline.
● Build custom automation scripts (Python/Go) to detect secrets in code or misconfigured
cloud assets in real time.
Qualifications & Skills
1) Minimum Requirements
● Experience: 4-5 years in Application Security or Penetration Testing.
● Education: B.Tech/B.E. in Computer Science or a related technical field.
● Certifications: OSCP, eWPT, or GWAPT (preferred); CEH (minimum).
● Tooling: Expertise in Burp Suite Professional, Metasploit, Postman, and Cloud-native
security tools.
2) Technical Proficiencies
● Languages: Ability to read/write Python and Node.js for exploit development and script
automation.
● Standards: Deep knowledge of OAuth2, JWT, TLS/SSL, and Cryptographic standards.
● Cloud: Hands-on experience with Terraform/IaC security scanning.
3) Soft Skills
● The "Security Partner" Mindset: Ability to explain complex vulnerabilities to SDEs in a
way that encourages remediation rather than friction.
● Analytical Thinking: The ability to "think like a hacker" while providing "builder-centric"
solutions.
MediBuddy Introduction:
MediBuddy is India’s largest on-demand, full-stack digital healthcare platform that helps patients access multiple healthcare services. It gives users 24x7 access to high-quality healthcare at their fingertips. MediBuddy helps its users consult specialist doctors, order medicines and book lab tests from the comfort of their homes. It is also a partner to several leading corporate customers in the country and helps their employees access multiple healthcare benefits. MediBuddy users have access to online doctor consultations, wellness, preventive care services, fitness and hospitalization offered by its pan-India network of healthcare providers with its unparalleled reach.
It also provides its customers hassle-free, end-to-end surgery care through a Care Buddy, right from connecting them to the right surgeon to post-operative recovery care. MediBuddy’s surgery care provides specialized treatment in several other departments like Proctology, Ophthalmology, Vascular, ENT, Orthopaedics, Urology, Gynaecology, and more. With full-stack Surgery Care management services, MediBuddy assures customers undergoing surgery an array of solutions for every medical, financing, insurance, and recovery need.
The digital healthcare platform has a partner network of 90,000+ doctors, 7,100+ hospitals and clinics, 4,000+ diagnostic centers, 2,500+ pharmacies along with a team size of 2200+ members. It has created an integrated healthcare ecosystem that offers patients seamless access anytime and anywhere in 10 minutes. With its healthcare services available in 16 Indian languages to enable customer-friendly consultation, MediBuddy is bridging the Urban-Rural quality healthcare divide. MediBuddy offers online and offline doctor consultations, medicine delivery, lab tests at home, mental health consultations, surgery care, among other healthcare services.