Application Security Engineer

Experience :

Location :

Job Summary

In this role, you will focus on ensuring the security of web applications, mobile applications, and APIs through a combination of proactive security testing, code review, threat modeling, and vulnerability assessments. You will work closely with development teams to integrate secure coding practices and help mitigate risks in the software development lifecycle.

Key Responsibilities

• Conduct regular security assessments, penetration testing, and vulnerability scans of applications and services.
• Perform static and dynamic analysis on web applications, mobile applications, and APIs to identify and resolve security vulnerabilities.
• Collaborate with engineering teams to implement secure development practices, reviewing code for security flaws and recommending improvements.
• Conduct threat modeling and risk assessments to identify potential security threats and implement appropriate mitigation strategies.
• Assist in the development and execution of security tools, procedures, and frameworks to automate security testing processes.
• Keep up-to-date with the latest security vulnerabilities, exploits, and security best practices.
• Provide technical leadership and mentorship to junior security engineers and developers on security issues.
• Advise on the secure architecture and design of systems, identifying potential security gaps early in the design phase.
• Create and maintain documentation related to security testing, security incidents, and remediation activities.
• Support the incident response team in handling security incidents and provide post-incident analysis.

Required Skills & Experience

• 2-5 years of experience in application security or related field.
• Strong knowledge of web and mobile application security vulnerabilities (OWASP Top 10, OWASP Mobile, etc.).
• Experience with penetration testing tools (Burp Suite, OWASP ZAP, etc.) and techniques.
• Familiarity with static and dynamic code analysis tools (Checkmarx, SonarQube, etc.).
• Strong understanding of secure coding practices (e.g., input validation, encryption, and authentication).
• Experience in threat modeling and risk assessment techniques.
• Understanding of web application technologies (HTML, JavaScript, CSS, etc.) and backend technologies (Java, .NET, Node.js, Python, etc.).
• Experience with cloud security (AWS, Azure, GCP) and containerization technologies (Docker, Kubernetes).
• Knowledge of industry standards and frameworks (ISO 27001, NIST, SOC2, etc.).
• Good understanding of authentication protocols (OAuth, SAML, OpenID, etc.) and encryption algorithms (AES, RSA, TLS, etc.).
• Experience in conducting security code reviews and integrating security into the SDLC.
• Familiarity with CI/CD pipelines and DevSecOps practices.
• Excellent problem-solving skills, analytical thinking, and attention to detail.
• Strong communication skills, with the ability to explain technical security concepts to non-technical stakeholders.

Preferred Skills

• Certifications such as OWASP, CISSP, CISM, CEH, or equivalent.
• Experience with automated security testing in CI/CD environments.
• Experience with SAST/DAST tools and their integration into CI/CD pipelines.
• Familiarity with DevOps practices and tools.