Senior Application Security Engineer

Role & responsibilities

• 6-12 years of experience in application security, penetration testing, or related security fields.
• Proven expertise in securing web and mobile applications (OWASP Top 10, OWASP Mobile, etc.), APIs, and microservices architectures.
• In-depth experience with security testing methodologies (SAST, DAST, IAST, and penetration testing).
• Strong expertise in identifying and mitigating security risks in the SDLC, and integrating security into Agile/DevOps workflows.
• Solid understanding of common programming languages (e.g., Java, Python, .NET, JavaScript, C++, etc.) and secure coding practices.
• Experience with threat modeling, risk assessments, and vulnerability management processes.
• Expertise in cloud security, including cloud platforms like AWS, Azure, and GCP.
• Extensive experience with security tools such as Burp Suite, ZAP, Fortify, Checkmarx, SonarQube, and related tools.
• Strong knowledge of web protocols (HTTP, HTTPS, REST, SOAP) and application security features (authentication, authorization, encryption).
• Familiarity with industry frameworks and standards (e.g., NIST, ISO 27001, SOC2, PCI DSS, GDPR).
• Experience in mentoring and leading security teams, driving security initiatives across engineering departments.
• Proficiency with secure coding practices and application security tools in continuous integration/continuous deployment (CI/CD) pipelines.
• Strong communication skills with the ability to collaborate with both technical and non-technical stakeholders to drive security solutions.
• Ability to influence and advocate for security initiatives in a complex organizational structure.

Preferred candidate profile

• Industry certifications such as CISSP, CISM, OSCP, CEH, or equivalent.
• Experience with containerization and orchestration tools like Docker and Kubernetes.
• Experience in automating security testing and integrating it into CI/CD workflows.
• Knowledge of advanced threat intelligence, advanced persistent threats (APTs), and secure software design patterns.
• Experience with application security at scale, especially in microservices and serverless architectures.