Onit6d ago

New

Senior Application Security Engineer

Pune, MaharashtraRemotesenior

EngineeringSecurity Engineer

1 views0 saves0 applied

Apply Now

Quick Summary

Overview

About Onit We're redefining the future of legal operations through the power of AI. Our cutting-edge platform streamlines enterprise legal management, matter management, spend management and contract lifecycle processes, transforming manual workflows into intelligent, automated solutions.

Technical Tools

awsazuregcpgraphqlsnykci-cdoauthsaassecurity-best-practicessystem-design

About Onit

We're redefining the future of legal operations through the power of AI. Our cutting-edge platform streamlines enterprise legal management, matter management, spend management and contract lifecycle processes, transforming manual workflows into intelligent, automated solutions.

We’re a team of innovators using AI at the core to help legal departments become faster, smarter, and more strategic. As we continue to grow and expand the capabilities of our new AI-centric platform, we’re looking for bold thinkers and builders who are excited to shape the next chapter of legal tech.

If you're energized by meaningful work, love solving complex problems, and want to help modernize how legal teams operate, we’d love to meet you.

Position Summary

Onit, Inc. is looking for an Application Security Engineer to help secure our SaaS applications, APIs, and emerging AI capabilities. This is a hands-on, high-impact role where you’ll work closely with engineering and product teams to design secure systems, identify vulnerabilities, and improve how we build software. You’ll play a key role in shaping our security practices as we scale.

Security Architecture & Design Reviews

Lead security reviews for application architecture and system design

Evaluate designs for:

Authentication & authorization models

Data access patterns

API exposure and trust boundaries

Provide clear, actionable guidance to engineering teams

Identify risks early and influence secure design decisions

Go-Live Security Reviews & Risk Decisions

Conduct pre-production / go-live security assessments

Determine whether a feature is safe to launch and what risks must be mitigated vs accepted

Partner with engineering and product to prioritize fixes and define compensating controls

Act as a security approver / advisor for production releases

Authentication, Authorization & Access Control

Design and assess:

OAuth2, OIDC, SAML implementations

RBAC / fine-grained authorization models

Identify and remediate broken access control and privilege escalation paths

Drive adoption of least privilege and secure access patterns

API Security

Lead security reviews of REST, GraphQL, and event-driven APIs

Identify risks such as:

Broken Object Level Authorization (BOLA)

Injection vulnerabilities

Data leakage

Define standards for:

API authentication

Input validation

Rate limiting and abuse protection

AI & Emerging Technology Security

Assess security risks in AI-powered features and systems

Evaluate threats such as:

Prompt injection

Data leakage via LLMs

Model misuse and access control gaps

Help define and implement AI security guardrails

Review architectures involving MCP (Model Context Protocol) or similar AI integration patterns

Vulnerability Management & Testing

Lead vulnerability identification using Static analysis (SAST) and Dependency scanning (SCA)

Validate findings and eliminate false positives

Prioritize vulnerabilities based on exploitability and business impact

Drive remediation with engineering teams

Attack Surface & Risk Assessment

Assess and map application attack surface

Identify exposed services, endpoints, and integrations

Evaluate third-party and supply chain risks

Continuously improve visibility into application risk

Security Tooling & DevSecOps

Integrate and optimize security tools in CI/CD pipelines

Define security gates for builds and releases

Automate security checks where possible

Improve developer experience with secure defaults

6+ years of experience in Application Security, Security Engineering, or Software Engineering with a strong security focus

Proven experience performing security architecture/design reviews, as well as Go-live/production readiness security assessments, with experience with cloud platforms (AWS, GCP, Azure) preferred

Strong understanding of OWASP Top 10 and modern web vulnerabilities and secure system design and threat modeling

Experience with SAST tools (e.g., SonarQube, Checkmarx) and SCA tools (e.g., Snyk, Dependabot)

Ability to assess real-world risk and prioritize effectively in a SaaS environment

Understanding of LLM risks (prompt injection, data leakage) and AI system architecture

Exposure to securing AI features or platforms

Familiarity with MCP or similar AI integration patterns

Deep Expertise in the following:

Authentication & Authorization
- OAuth2, OIDC, SAML
- RBAC / ABAC / least privilege models
- API Security
  - REST / GraphQL
  - Common API attack vectors (BOLA, injection, data exposure)
  - Application Security
    - Secure coding practices
    - Input validation, output encoding, session management