Job Description
Position Overview: We are seeking a skilled and experienced Application Security
Engineer with 3-5 years of hands-on experience to join our security team. The ideal
candidate will be responsible for ensuring the security of applications throughout the
software development lifecycle (SDLC). You will work closely with development,
DevOps, and security teams to identify vulnerabilities, implement security best
practices, and ensure compliance with security standards. This role requires a
proactive mindset to protect applications from potential threats and ensure the
delivery of secure software.
Key Responsibilities:
1. Application Security Assessments:
• Perform security assessments, code reviews, and penetration testing
of web, mobile, and cloud-based applications.
• Identify vulnerabilities such as OWASP Top 10 risks (e.g., SQL
injection, XSS, CSRF) and provide actionable remediation guidance.
• Conduct threat modeling to identify potential risks and recommend
mitigation strategies.
2. Secure Software Development:
• Collaborate with development teams to integrate security best
practices into the software development lifecycle (SDLC).
• Provide guidance on secure coding practices and frameworks to
prevent vulnerabilities.
• Develop and maintain secure coding standards and guidelines.
3. Automation and Tools:
• Implement and manage application security tools such as Static
Application Security Testing (SAST), Dynamic Application Security
Testing (DAST), and Software Composition Analysis (SCA).
• Automate security testing processes within CI/CD pipelines to ensure
continuous security validation.
• Evaluate and recommend new security tools and technologies to
enhance application security.
4. Incident Response and Remediation:
• Investigate and respond to application security incidents and
vulnerabilities.
• Work with development teams to prioritize and remediate security
issues in a timely manner.
• Perform root cause analysis and implement preventive measures to
avoid recurring issues.
5. Security Awareness and Training:
• Conduct security training and awareness sessions for developers and
other stakeholders.
• Promote a culture of security within the organization by educating
teams on emerging threats and secure development practices.
6. Compliance and Standards:
• Ensure applications comply with applicable industry standards and regulations
(e.g., GDPR, PCI DSS, HIPAA).
• Stay updated on security frameworks and standards such as OWASP,
NIST, and ISO 27001.
• Assist in audits and assessments related to application security.
7. Collaboration and Communication:
• Work closely with cross-functional teams, including development,
DevOps, QA, and IT, to ensure security is embedded in all stages of
the application lifecycle.
• Communicate security risks and recommendations to technical and
non-technical stakeholders.
8. Monitoring and Reporting:
• Monitor applications in production for security threats and newly disclosed
vulnerabilities affecting their components.
• Generate reports on application security posture, vulnerabilities, and
remediation progress.
• Provide regular updates to leadership on the state of application
security.
Required Skills and Qualifications:
• Experience: 3-5 years of hands-on experience in application security or a
related role.
• Technical Expertise:
• Strong understanding of application security principles, vulnerabilities,
and attack vectors (e.g., OWASP Top 10, CWE/SANS Top 25).
• Proficiency in secure coding practices for languages such as Java,
Python, JavaScript, C#, or similar.
• Experience with security testing tools such as Burp Suite, OWASP
ZAP, Veracode, Checkmarx, or Fortify.
• Familiarity with CI/CD pipelines and integrating security tools into
DevOps workflows.
• Knowledge of cloud security for platforms like AWS, Azure, or Google
Cloud.
• Understanding of authentication and authorization protocols (e.g.,
OAuth, SAML, JWT).
Preferred Qualifications:
• Experience with container security (e.g., Docker, Kubernetes) and
microservices architecture.
• Familiarity with API security and tools like Postman or SoapUI.
• Knowledge of cryptography, encryption standards, and secure data storage.
• Certifications such as Certified Ethical Hacker (CEH), Offensive Security
Certified Professional (OSCP), GIAC Web Application Penetration Tester
(GWAPT), or Certified Information Systems Security Professional (CISSP).
• Experience with bug bounty programs or vulnerability disclosure programs.
Soft Skills:
• Strong analytical and problem-solving skills to identify and address security
risks.
• Excellent communication skills to explain security concepts to technical and
non-technical audiences.
• Ability to work independently and collaboratively in a fast-paced environment.
• Proactive mindset with a focus on continuous learning and staying updated on
emerging security threats.
Education:
• Bachelor's degree in Computer Science, Cybersecurity, Information
Technology, or a related field (or equivalent experience).