Security Engineer

Role & responsibilities

Security Engineer

Job Summary

Security Engineer

Key Responsibilities

Application Security & SDLC

• Integrate security into all phases of the

  Software Development Life Cycle (SDLC)

  .
• Perform

  automated threat modeling

  using

  Threat Modeler

  during design and architecture phases.
• Identify potential attack vectors and recommend

  security controls and mitigations

  .

Code & Vulnerability Analysis

• Conduct

  Static Application Security Testing (SAST)

  using

  Checkmarx

  .
• Review and validate security findings, reducing false positives.
  
• Work with developers to remediate vulnerabilities such as

  SQL Injection, XSS, CSRF, and insecure authentication

  .

Risk Management & Prioritization

• Use

  Zafran Security

  to aggregate and prioritize vulnerabilities from multiple AppSec tools.
• Focus remediation efforts based on

  exploitability, business impact, and application exposure

  .
• Track vulnerability remediation and risk acceptance.
  

DevSecOps Enablement

• Integrate security tools into

  CI/CD pipelines

  .
• Automate security testing and reporting.
  
• Collaborate with DevOps teams to implement secure build and deployment practices.
  

Collaboration & Reporting

• Partner with engineering teams to promote

  secure coding best practices

  .
• Provide security guidance, training, and awareness sessions.
  
• Prepare security metrics, dashboards, and executive-level reports.
  

Required Skills & Qualifications

Technical Skills

• Hands-on experience with

  Checkmarx (SAST)

  .
• Experience with

  Threat Modeler

  for design-level security analysis.
• Knowledge of

  Zafran Security

  or similar

  ASPM / vulnerability prioritization platforms

  .
• Strong understanding of:
  
• OWASP Top 10
  
• Secure coding practices
  
• Web and API security
  
• Familiarity with CI/CD tools (Jenkins, GitHub Actions, GitLab CI, etc.).
  
• Experience with cloud platforms (AWS, Azure, or GCP).
  

Soft Skills

• Strong communication skills to work with developers and stakeholders.
  
• Ability to translate technical risks into

  business impact

  .
• Problem-solving mindset with attention to detail.
  

Preferred Qualifications

• Experience with DAST, SCA, or container security tools.
  
• Knowledge of threat modeling frameworks (STRIDE, PASTA).
  
• Security certifications such as

  CEH, CSSLP, GWAPT, or CISSP

  .
• Experience in Agile / DevOps environments.
  

Nice to Have

• Python, Java, or JavaScript security testing experience.
  
• Exposure to regulatory standards (ISO 27001, SOC 2).
  
• Experience building AppSec programs from scratch.
  

Preferred candidate profile