Senior Application Security Analyst

 Posted 5 hours ago
  
 India
  
5-10 years experience

AI Summary

The role focuses on validating and triaging security vulnerabilities across the Genesys Cloud SaaS platform, including web, API, and mobile applications. It involves coordinating with engineering teams to drive the full remediation lifecycle and improving triage standards and tooling.

Genesys empowers organizations of all sizes to improve loyalty and business outcomes by creating the best experiences for their customers and employees. Through Genesys Cloud, the AI-powered Experience Orchestration platform, organizations can accelerate growth by delivering empathetic, personalized experiences at scale to drive customer loyalty, workforce engagement, efficiency and operational improvements.

We employ more than 6,000 people across the globe who embrace empathy and cultivate collaboration to succeed. And, while we offer great benefits and perks like larger tech companies, our employees have the independence to make a larger impact on the company and take ownership of their work. Join the team and create the future of customer experience together.

Senior Application Security Analyst, Product Security
India

Role Overview:
Ensuring security at scale requires more than identifying vulnerabilities; it requires disciplined validation, prioritization, and execution. This senior-level role directly influences how risk is understood and reduced across Genesys Cloud by owning the validation and triage lifecycle and shaping how security findings translate into meaningful engineering action. Your work will ensure that the highest-impact risks are surfaced, understood, and resolved efficiently across a complex, multi-tenant SaaS platform.

Genesys Cloud is a cloud-native platform built on AWS, supporting modern web applications, extensive public APIs, mobile applications, and rapidly evolving AI-driven capabilities. At Genesys, we are redefining customer experience through empathy and innovation, and this role plays a critical part in safeguarding that mission by ensuring trust, reliability, and security at scale.

You will operate with strong autonomy, partnering across product, engineering, security, and external researchers to validate vulnerabilities, eliminate noise, and drive remediation outcomes. As a senior member of the team, you will also influence triage standards, improve validation processes, and help scale security operations through better tooling, documentation, and AI-assisted workflows.

This role offers continued growth into advanced application security engineering, API and mobile security testing, cloud security, and AI security, along with increased ownership of platform-level security strategy and decision-making.

Key Responsibilities:

  • Validate and reproduce security findings from DAST scanning, mobile application security tools, cloud security posture management, bug bounty submissions, customer penetration test reports, internal assessments, and AI-generated security analysis
  • Lead triage decisions by determining exploitability, duplication, false positives, acceptable risk patterns, and existing awareness of findings across Genesys Cloud
  • Assess impact, likelihood, exploitability, affected assets, tenant isolation implications, and customer data exposure risks to drive accurate prioritization
  • Create high-quality security tickets with clear reproduction steps, technical evidence, screenshots, affected components, severity rationale, and remediation guidance
  • Own the full remediation lifecycle including tracking findings, coordinating with engineering teams, validating fixes, and documenting resolution outcomes
  • Drive improvements to triage runbooks, validation frameworks, severity guidance, scanner tuning, and known issue pattern handling
  • Validate web and API security findings including broken access control, IDOR or BOLA, authentication and authorization weaknesses, injection risks, SSRF, CORS issues, and sensitive data exposure
  • Use tools such as Burp Suite, Postman, curl, browser developer tools, logs, and scripts to confirm real product risk and eliminate false positives
  • Validate mobile application security findings across Android and iOS, including local storage, transport security, certificate validation, authentication flows, deep links, WebViews, and secrets handling
  • Support private bug bounty intake by validating researcher submissions, identifying duplicates, assessing severity, and routing confirmed issues
  • Review customer penetration test reports to identify valid findings, duplicates, acceptable risks, and existing mitigations
  • Escalate high-impact vulnerabilities such as cross-tenant access, authentication bypass, authorization failures, sensitive data exposure, or externally accessible cloud risks
  • Validate AWS cloud security posture findings including IAM permissions, object storage exposure, encryption, logging, network exposure, secrets management, and managed service configurations
  • Determine whether cloud findings are exploitable, externally reachable, environment-specific, mitigated, or primarily compliance-related
  • Perform human validation of AI-generated security findings to ensure accuracy, proper context, and reduction of false positives
  • Leverage AI-assisted workflows to improve speed and consistency while maintaining independent technical judgment
  • Collaborate effectively across distributed teams with strong asynchronous communication and clear technical summaries
  • Contribute to continuous improvement of security processes, triage quality, and validation efficiency across the Product Security function

Required Qualifications:

  • 5 or more years of experience in application security, penetration testing, vulnerability management, product security, DevSecOps, or related technical security roles
  • Proven hands-on experience validating web application and API security findings beyond automated scanner outputs
  • Strong understanding of web and API vulnerabilities including authorization flaws, authentication weaknesses, injection risks, sensitive data exposure, and business logic issues
  • Ability to analyze HTTP requests and responses, work with JSON APIs, and test authenticated workflows
  • Proficiency with tools such as Burp Suite, Postman, curl, browser developer tools, and scripting for validation and reproduction
  • Demonstrated ability to distinguish real vulnerabilities from false positives, duplicates, theoretical findings, and acceptable risk patterns
  • Strong experience writing clear, structured, and actionable security tickets with evidence and remediation guidance
  • Ability to work independently, manage a queue of findings, and deliver consistent outcomes with minimal supervision
  • Strong communication skills to clearly explain security risks and remediation guidance to engineering teams
  • Ability to handle sensitive vulnerability, customer, and product information with high discretion

Preferred Qualifications:

  • Experience validating DAST findings for public APIs, including authenticated scanning and scanner tuning
  • Familiarity with mobile application security testing across Android and iOS platforms
  • Understanding of AWS security concepts including IAM, storage, network exposure, encryption, logging, and secrets management
  • Experience working with bug bounty programs or reviewing customer penetration test reports
  • Background in SaaS platforms, multi-tenant architectures, microservices, or API-driven environments
  • Familiarity with OWASP Web Security Testing Guide, OWASP API Security Top 10, and mobile security standards
  • Experience writing scripts in Python, JavaScript, Bash, Go, or similar languages for automation and validation
  • Exposure to secure SDLC practices, CI/CD environments, threat modeling, or secure design reviews
  • Interest or experience in AI systems and validation of AI-generated outputs

If a Genesys employee referred you, please use the link they sent you to apply.

About Genesys:

Genesys® empowers more than 8,000 organizations worldwide to create the best customer and employee experiences. With agentic AI at its core, Genesys Cloud™ is the AI-Powered Experience Orchestration platform that connects people, systems, data and AI across the enterprise. As a result, organizations can drive customer loyalty, growth and retention while increasing operational efficiency and teamwork across human and AI workforces. To learn more, visit www.genesys.com.

Reasonable Accommodations:

If you require a reasonable accommodation to complete any part of the application process, or are limited in your ability to access or use this online application and need an alternative method for applying, you or someone you know may contact us at reasonable.accommodations@genesys.com.

You can expect a response within 24–48 hours. To help us provide the best support, click the email link above to open a pre-filled message and complete the requested information before sending. If you have any questions, please include them in your email.

This email is intended to support job seekers requesting accommodations. Messages unrelated to accommodation—such as application follow-ups or resume submissions—may not receive a response.

Genesys is an equal opportunity employer committed to fairness in the workplace. We evaluate qualified applicants without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, marital status, domestic partner status, national origin, genetics, disability, military and veteran status, and other protected characteristics.

Please note that recruiters will never ask for sensitive personal or financial information during the application phase.
