Application Security Lead

Job Description

Job Title : Application Security Lead Job Overview : The Application Security Engineer is tasked with identifying and mitigating security vulnerabilities within the organizations software applications. This role involves conducting security code reviews, implementing security testing methodologies, and working closely with development teams to integrate security measures into the software development lifecycle (SDLC). Key Responsibilities : Conduct application security assessments, code reviews, and penetration tests to identify vulnerabilities. Integrate security tools, such as SonarQube, Synk into the CI/CD pipeline. Collaborate with development teams to remediate identified security issues and to promote secure coding practices. Develop and maintain security documentation, including security requirements, threat models, and incident response plans. Assist in the development and delivery of security training and awareness programs for developers and relevant stakeholders. Monitor and stay up-to-date with emerging security threats and trends affecting application security. Provide expertise in the use of security testing tools and the interpretation of their results. Participate in the design and implementation of application security controls and best practices. Support the Application Security Lead in developing and refining the application security program. Assist with the evaluation and implementation of new security technologies and improvements to existing processes. Qualifications : Bachelors degree in Computer Science, Information Security, or a related technical field. 6-10 years of experience in application security or a combination of related areas such as software development and network security. Familiarity with common security vulnerabilities and the ability to demonstrate understanding of OWASP Top 10 risks. Experience with application security tools such as static analysis, dynamic analysis, and web application firewalls. Knowledge of secure coding practices and experience with software development languages (e.g., Java, JavaScript, Python). Understanding of encryption technologies, authentication protocols, and other security mechanisms. Ability to effectively communicate security risks and solutions to technical and non-technical stakeholders. Preferred Skills : Relevant security certifications (e.g., GWEB, GWAPT, CEH, OSCP).