This job was posted more than 40 days ago and might be expired.

Senior Application Security Engineer

Onit, Inc.·See all Onit, Inc. jobs on Jobr

Posted about 2 months ago

RemotePune, MaharashtraSE

About Onit

We're redefining the future of legal operations through the power of AI. Our cutting-edge platform streamlines enterprise legal management, matter management, spend management and contract lifecycle processes, transforming manual workflows into intelligent, automated solutions.

We’re a team of innovators using AI at the core to help legal departments become faster, smarter, and more strategic. As we continue to grow and expand the capabilities of our new AI-centric platform, we’re looking for bold thinkers and builders who are excited to shape the next chapter of legal tech.

If you're energized by meaningful work, love solving complex problems, and want to help modernize how legal teams operate, we’d love to meet you.

Position Summary

Onit, Inc. is looking for an Application Security Engineer to help secure our SaaS applications, APIs, and emerging AI capabilities. This is a hands-on, high-impact role where you’ll work closely with engineering and product teams to design secure systems, identify vulnerabilities, and improve how we build software. You’ll play a key role in shaping our security practices as we scale.

### Key Responsibilities

Security Architecture & Design Reviews

Lead security reviews for application architecture and system design

Evaluate designs for:

Authentication & authorization models

Data access patterns

API exposure and trust boundaries

Provide clear, actionable guidance to engineering teams

Identify risks early and influence secure design decisions

Go-Live Security Reviews & Risk Decisions

Conduct pre-production / go-live security assessments

Determine whether a feature is safe to launch and what risks must be mitigated vs accepted

Partner with engineering and product to prioritize fixes and define compensating controls

Act as a security approver / advisor for production releases

Authentication, Authorization & Access Control

Design and assess:

OAuth2, OIDC, SAML implementations

RBAC / fine-grained authorization models

Identify and remediate broken access control and privilege escalation paths

Drive adoption of least privilege and secure access patterns

API Security

Lead security reviews of REST, GraphQL, and event-driven APIs

Identify risks such as:

Broken Object Level Authorization (BOLA)

Injection vulnerabilities

Data leakage

Define standards for:

API authentication

Input validation

Rate limiting and abuse protection

AI & Emerging Technology Security

Assess security risks in AI-powered features and systems

Evaluate threats such as:

Prompt injection

Data leakage via LLMs

Model misuse and access control gaps

Help define and implement AI security guardrails

Review architectures involving MCP (Model Context Protocol) or similar AI integration patterns

Vulnerability Management & Testing

Lead vulnerability identification using Static analysis (SAST) and Dependency scanning (SCA)

Validate findings and eliminate false positives

Prioritize vulnerabilities based on exploitability and business impact

Drive remediation with engineering teams

Attack Surface & Risk Assessment

Assess and map application attack surface

Identify exposed services, endpoints, and integrations

Evaluate third-party and supply chain risks

Continuously improve visibility into application risk

Security Tooling & DevSecOps

Integrate and optimize security tools in CI/CD pipelines

Define security gates for builds and releases

Automate security checks where possible

Improve developer experience with secure defaults

### Required Skills

6+ years of experience in Application Security, Security Engineering, or Software Engineering with a strong security focus

Proven experience performing security architecture/design reviews, as well as Go-live/production readiness security assessments, with experience with cloud platforms (AWS, GCP, Azure) preferred

Strong understanding of OWASP Top 10 and modern web vulnerabilities and secure system design and threat modeling

Experience with SAST tools (e.g., SonarQube, Checkmarx) and SCA tools (e.g., Snyk, Dependabot)

Ability to assess real-world risk and prioritize effectively in a SaaS environment

Understanding of LLM risks (prompt injection, data leakage) and AI system architecture

Exposure to securing AI features or platforms

Familiarity with MCP or similar AI integration patterns

Deep Expertise in the following:

Authentication & Authorization
- OAuth2, OIDC, SAML
- RBAC / ABAC / least privilege models
- API Security
  - REST / GraphQL
  - Common API attack vectors (BOLA, injection, data exposure)
  - Application Security
    - Secure coding practices
    - Input validation, output encoding, session management

Benefits & Perks That Support You:

Onit offers a comprehensive total rewards package designed to support the whole employee at work and beyond:

Health Coverage: Employee and immediate family members.

Time Away: Flexible paid time off and 10 company paid holidays annually.

Family Support: Exceptional paid leave for birth parents, non-birth parents, and caregivers. Onit also offers surrogacy and adoption reimbursement.

Income Protection: 100% employer-paid life and disability insurance.

Additional Coverage Options: Voluntary benefits including hospital indemnity, critical illness, accident.

Tax-Advantaged Accounts: Flexi, NPS.

Community Engagement: One paid volunteer day each year to give back to the community.

Our Commitment to Applicants

We know that not everyone will check every box in a job description. At Onit, we value diversity, inclusion, and authenticity. If you’re excited about this role but your experience doesn’t align perfectly with every qualification, we encourage you to apply. You may be exactly who we’re looking for.

Onit Values

Customer First - Customer success is our success. We deliver value, listen, and act on customer needs.

Purposeful Innovation - Innovation fuels our growth. We harness creativity to solve problems and lead with the intentions and expertise.

Win as One - Teamwork is how we win. We are accountable, act with integrity, and communicate openly.

Intentional Growth - Our people are the difference. We create an environment with compelling work, impactful contributions, and career growth.

Other open roles at Onit, Inc.(6)

Accounts Payable Analyst

Pune, Maharashtra

On-site

Senior Software Engineer - RoR (Fullstack)

Pune, Maharashtra

On-site

Customer Success Operations Analyst

Pune, Maharashtra

On-site

Mid-Market Customer Success Manager

Remote - USA

🏡 Remote

Senior Legal AI Researcher

Auckland

On-site

See all Onit, Inc. jobs on Jobr

Job details

Workplace

Remote

Location

Pune, Maharashtra

Experience

Onit, Inc.

View company page

ONIT INC. is a leading, international, IT consulting agency based in New York City. We use the same tried and true processes that our parent company has used for decades, vetting and interviewing prospects through an increasingly rigorous system of personality assessments, skillset examinations, background checks, and diligence procedures. We have cultivated our team for over a decade, and look forward to working with you to address your latest IT challenge!

Website LinkedIn

Employees

Industry

Staffing and Recruiting

Headquarters

NEW YORK, NEW YORK

Company location

55 BROAD STREET, 16th FLOOR, NEW YORK, NEW YORK 11020, US

Specialties

INFORMATION TECHNOLOGY SERVICES, DESKTOP SUPPORT, NETWORK ADMINISTRATION, TECHNOLOGY PROJECT MANAGEMENT, VOICE SYSTEMS, HELP DESK SUPPORT, INFRASTRUCTURE PROJECT MANAGERS, SERVER, DESKTOP, & NETWORK TECHNICIANS, IT PROJECT MANAGERS, and IT PROGRAM MANAGERS

Apply smarter with Jobr

Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.

Direct from company career pages

AI-personalised cover letters

Human review before every submit

Application tracking & follow-ups