Senior Application Security Analyst

Genesys Cloud Services, Inc.

Job Overview

Location

Virtual Office (Tamil Nadu)

Job Type

Full-time

Full Job Description

📋 Description

• Validate and reproduce security findings from DAST scans, mobile app security tools, cloud posture management, bug bounty submissions, customer penetration tests, and AI-generated security analysis across Genesys Cloud’s multi-tenant SaaS platform.
• Lead triage decisions by evaluating exploitability, duplication, false positives, acceptable risk patterns, and existing awareness of findings to ensure accurate prioritization of high-impact risks.
• Assess impact, likelihood, and exploitability of vulnerabilities, including tenant isolation implications and customer data exposure risks, to drive precise risk scoring and remediation focus.
• Create detailed, actionable security tickets with clear reproduction steps, technical evidence, screenshots, affected components, severity rationale, and remediation guidance for engineering teams.
• Own the full remediation lifecycle: track findings, coordinate with product and engineering teams, validate fixes, and document resolution outcomes across web, API, mobile, and cloud environments.
• Improve triage standards, validation frameworks, scanner tuning, and known issue pattern handling to enhance efficiency and reduce noise in security findings.
• Validate web and API security vulnerabilities including broken access control, IDOR/BOLA, authentication/authorization flaws, injection risks, SSRF, CORS misconfigurations, and sensitive data exposure.
• Use Burp Suite, Postman, curl, browser developer tools, and custom scripts to confirm real product risk and eliminate false positives from automated tools.
• Validate mobile application security issues on Android and iOS platforms, including insecure local storage, transport security flaws, certificate pinning bypasses, authentication flow weaknesses, deep link vulnerabilities, WebView risks, and secrets handling.
• Review and validate private bug bounty submissions by identifying duplicates, assessing severity, and routing confirmed issues to appropriate engineering teams.
• Analyze customer penetration test reports to distinguish valid findings from duplicates, acceptable risks, or already mitigated issues.
• Escalate critical vulnerabilities such as cross-tenant access, authentication bypasses, authorization failures, and externally accessible cloud exposures to leadership and engineering stakeholders.
• Validate AWS cloud security posture findings including IAM permission overprivilege, S3 bucket exposure, encryption gaps, logging misconfigurations, network exposure, and secrets management weaknesses.
• Determine whether cloud findings are exploitable, externally reachable, environment-specific, mitigated, or primarily compliance-related rather than technical risks.
• Perform human validation of AI-generated security findings to ensure accuracy, contextual relevance, and reduction of false positives while leveraging AI-assisted workflows for speed and consistency.
• Collaborate asynchronously with distributed global teams across product, engineering, security, and external researchers using clear technical summaries and strong communication.
• Contribute to continuous improvement of Product Security processes, documentation, tooling, and validation efficiency to scale security operations across a rapidly evolving AI-driven platform.

🎯 Requirements

• 5 or more years of experience in application security, penetration testing, vulnerability management, product security, or DevSecOps
• Proven hands-on experience validating web application and API security findings beyond automated scanner outputs
• Strong understanding of web and API vulnerabilities including authorization flaws, authentication weaknesses, injection risks, sensitive data exposure, and business logic issues
• Proficiency with tools such as Burp Suite, Postman, curl, browser developer tools, and scripting for validation and reproduction
• Demonstrated ability to distinguish real vulnerabilities from false positives, duplicates, theoretical findings, and acceptable risk patterns
• Strong experience writing clear, structured, and actionable security tickets with evidence and remediation guidance

🏖️ Benefits

• Independence to make a larger impact on the company and take ownership of work
• Opportunity to grow into advanced application security engineering, API and mobile security testing, cloud security, and AI security
• Exposure to a high-scale, AI-powered SaaS platform with modern tech stack on AWS
• Collaborative environment with global teams focused on empathy and innovation
• Access to security tooling and AI-assisted workflows to enhance productivity
• Support for continuous learning and process improvement in security operations

Skills & Technologies

Python

JavaScript

AWS

iOS

Android

Senior

Remote

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

AI Job Fit Analysis

Pro

See exactly how your profile matches this role — strengths, skill gaps, and what to do about them.

Genesys Cloud Services, Inc.

Visit Website

About Genesys Cloud Services, Inc.

Genesys Cloud Services provides cloud-based customer experience and contact center software, integrating voice, digital and AI technologies. The platform unifies omnichannel interactions, workforce engagement, analytics and automation to help organizations personalize service, improve agent productivity and gain insights across customer journeys. Founded in 1990, the company serves enterprises and mid-market businesses worldwide across industries including financial services, retail, healthcare and government.

View Company Profile

Get more remote jobs like this

Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.

Weekly remote jobs and featured talent.

No spam. Only curated remote roles and product updates. You can unsubscribe anytime.