Senior Application Security Engineer

Job Description

Pune, India Full-time in person from Strategy Office a minimum of 4 days per week European Hours Join Strategy s IT Security group as a Senior Application Security Engineer and play a crucial role in safeguarding Strategy s software applications while using modern security and AI tooling. In this position, you will be responsible for establishing innovative security practices throughout the software development lifecycle, ensuring that our software products are resilient against novel threats and vulnerabilities. Security Architecture: Design and implement application security architecture and processes, ensuring they align with industry best practices and regulatory requirements. Secure SDLC: Manage a risk-balanced SDLC by integrating threat modeling, secure code reviews, and security testing. Vulnerability Management: Identify, triage, and remediate security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA ) tools. Security Assessments Penetration Testing: Perform advanced penetration testing and red teaming across web, mobile, and cloud applications. Leverage exploit development techniques to identify high-risk vulnerabilities and collaborate with engineering teams for effective remediation. Secure Code Review: Analyze source code and provide security recommendations to developers to ensure adherence to secure coding best practices. Threat Modeling Risk Analysis: Perform threat modeling to anticipate potential attack vectors and improve security architecture on complex or cross-functional components DevSecOps Enablement: Lead and enhance DevSecOps initiatives by identifying gaps and integrating security automation within CI/CD pipelines. Incident Response Remediation: Lead security incident response related to applications and work with engineering teams to remediate threats. Security Awareness Training: Develop and lead customized security training programs for engineering teams, focusing on OWASP Top 10, threat modeling, AI security risks, and secure coding principles.