Application Security Engineer - Vulnerability Assessment

About The Role

Key Responsibilities

• Vulnerability Assessment: Perform code reviews, penetration testing, and security assessments to identify application vulnerabilities.
• Security Architecture: Design and implement robust security architecture for systems, networks, and applications in alignment with enterprise security strategy.
• Secure Development Lifecycle: Collaborate with development teams to integrate secure coding practices and SDLC principles into application workflows.
  

API Security

• Architect and implement secure APIs using protocols like OAuth 2.0 and JWT.
• Enforce best practices such as rate limiting, input validation, logging, and auditing.
  

Cloud & Container Security

• Evaluate security posture in cloud-native, SaaS, PaaS, and IaaS environments.
• Define security capabilities required for containerized and microservices-based architectures.
• Security Testing: Conduct SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) throughout the development lifecycle.
• Identity & Access Management: Implement access controls and authorization mechanisms to safeguard applications and data.
• Incident Response: Assist in investigating and responding to security incidents and breaches, providing root cause analysis and remediation strategies.
• Security Monitoring: Continuously monitor application behavior and logs to detect anomalous or malicious activity.
• Security Tooling: Implement and manage tools such as WAFs, SAST/DAST platforms, and other security solutions.
  

Required Skills & Qualifications

• Strong expertise in application security principles, OWASP Top 10 vulnerabilities, and secure development practices.
• Proficiency in programming languages such as Java, .NET, Angular, or JavaScript.
• Hands-on experience with security tools like SAST, DAST, and WAFs.
• Familiarity with cloud platforms (AWS, Azure, GCP) and securing applications in cloud-native environments.
• Strong analytical and problem-solving skills with the ability to assess complex security scenarios.
• Excellent communication skills with the ability to convey security concepts to both technical and non-technical stakeholders.
• Proven ability to work cross-functionally with development, DevOps, and IT teams