Are you a security enthusiast with 2+ years of experience, passionate about building secure applications from the ground up? The Application Security Engineer role at smallcase offers a unique remote opportunity to become the guardian of a platform that is changing how India invests. This isn’t just about finding vulnerabilities; it’s about embedding security into the DNA of products used by over 650,000 investors and major financial brands like HDFC and Kotak.
As a Level I engineer, you’ll play a critical role in managing security across the entire smallcase ecosystem, from testing applications to developing safeguarding tools. If you have practical knowledge of web app security, threat assessment, and are comfortable with JavaScript or Python, this Application Security Engineer role is your chance to build a safer financial future for millions. For the best chance, share your security blogs or CTF write-ups!
Ready to protect the future of investing? Let’s explore this secure opportunity.
About smallcase: Changing How India Invests
Before we explore the role, understand the impactful mission you’ll be protecting. smallcase is on a mission to change how India & Indians invest.
📈 smallcase’s Impact:
- User Community: 650,000+ strong and growing.
- Dual Platform: Builds products for individuals to invest better AND platforms & infrastructure for the industry.
- Strategic Partnerships: Works with the largest financial brands in India like HDFC, Kotak, Edelweiss, and IIFL.
- Mission-Driven: Focused on making investing better and more accessible for everyone.
Your Role: Application Security Engineer – Level I
This Application Security Engineer role is designed for a proactive professional ready to take ownership of application security across a critical financial platform.
Key Responsibilities: What You’ll Secure
Your work will be integral to maintaining trust in the smallcase platform:
- Holistic Security Management: Be responsible for managing security across the entire smallcase environment.
- Proactive Testing: Regularly check and test applications and systems for security issues, ensuring continuous vigilance.
- Tool Development: Develop tools and practices to proactively safeguard applications instead of just reacting to threats.
- SDLC Integration: Work closely with development teams to integrate security best practices throughout the entire Software Development Lifecycle (SDLC), including establishing secure coding guidelines.
- Vulnerability Management: Track and address vulnerabilities, providing developers with clear, actionable instructions for fixing issues.
- Incident Response: Assist in investigating, analyzing, and responding to security incidents related to applications.
Share the opportunity
The Security Stack: Your Defense Toolkit
This role requires a blend of manual expertise, tool proficiency, and coding skills.
| Core Security Domains | Programming Languages | Security Tools & Concepts |
|---|---|---|
| Web Application Security | JavaScript | Burp Suite |
| Threat Assessment | Python | OWASP ZAP |
| Incident Management | GO | Encryption Techniques |
| Secure SDLC | Cloud Security |
Who is smallcase Looking For? The Ideal Candidate
smallcase is looking for more than a checklist security person; they want a passionate practitioner.
You Might Thrive In This Role If You:
- Experience: Have at least 2 years of proven experience as a Security Engineer or in a similar application security role.
- Practical Knowledge: Possess hands-on, practical knowledge of:
- Web application security
- Secure coding practices
- Threat assessment methodologies
- Incident management processes
- Cloud Understanding: Understand cloud systems (likely AWS/GCP) and how to keep them secure.
- Technical Proficiency: Are comfortable using programming languages like Javascript, Python, or GO and are familiar with industry-standard security tools like Burp Suite and OWASP ZAP.
The Golden Ticket: Show Your Passion
- Important: smallcase explicitly asks for your Blogs, CTF write-ups, or any security research publications. This demonstrates your expertise and, more importantly, your genuine passion for security beyond your day job. This is a huge differentiator.
Follow us on 
LinkedIn for the latest updates
Follow us on 
Threads for the latest updates
Subscribe ▶️ YouTube Channel for Latest Updates
Why This AppSec Role is a Secure Investment in Your Career
A security role at a high-growth fintech like smallcase offers unique and powerful advantages:
- 🏠 Remote-First: Enjoy the flexibility of a fully remote role from anywhere in India.
- 🇮🇳 Purpose & Impact: Your work directly protects the financial investments and data of over 650,000 Indians. The sense of purpose is immense.
- 🔧 Builder Mindset: You won’t just run scans. You’ll develop tools and practices and integrate security into the SDLC, giving you a chance to build a robust security program.
- 📈 High-Profile Domain: Gain experience in the fintech security domain, which is highly regulated and offers fantastic career opportunities.
- 🚀 Growth Trajectory: Join a company that is actively changing a massive industry, meaning your role and impact will grow rapidly.
How to Apply for the smallcase Security Role
The application process values demonstrated passion as much as experience. Here’s how to prepare:
- Curate Your Portfolio: This is critical. Gather links to your:
- Security Blog: Write-ups of vulnerabilities you’ve found (even on test platforms), technical explainers, or opinion pieces.
- CTF Write-ups: Detailed explanations of how you solved Capture The Flag challenges.
- GitHub: Any security-related tools or scripts you’ve written in Python/JS/Go.
- Research Publications: Any formal or informal publications.
- Tailor Your Resume: Highlight your 2+ years of experience with specific examples. Instead of “Did vulnerability scanning,” say “Integrated OWASP ZAP into the CI/CD pipeline, reducing XSS vulnerabilities by Y%.”
- Prepare for Technical Interviews: Be ready to discuss:
- The OWASP Top 10 in depth and how you’d test for and mitigate each risk.
- How you would implement security into an SDLC.
- A past security incident you helped handle.
- Your experience with Burp Suite or similar tools.
- Demonstrate Business Acumen: Research smallcase’s products. Understand why security is especially critical for a financial investment platform (trust, regulatory compliance, financial loss prevention).
Conclusion: Become a Guardian of Financial Trust
The Application Security Engineer – Level I position at smallcase is more than a job; it’s a responsibility. It offers the chance to be at the forefront of securing India’s financial technology landscape, working remotely while building tools and practices that make a tangible difference.
If you are a security engineer who is passionate about proactive defense, enjoys coding to automate security, and wants to see your work directly impact the financial well-being of hundreds of thousands of people, this is your call to action.
🔐 Don’t just find bugs—build trust. Apply for the Remote Application Security Engineer role at smallcase today and share your passion through your blogs and research!
Share the opportunity