Senior Application Security Engineer

**Job Description:** As a Senior Application Security Engineer at Strategy, you will join our IT Security group and play a vital role in ensuring the security of our software applications by utilizing modern security tools and AI technologies. Your responsibilities will include: - **Security Architecture:** Designing and implementing application security architecture and processes in alignment with industry best practices and regulatory requirements. - **Secure SDLC:** Managing a risk-balanced Software Development Life Cycle by integrating threat modeling, secure code reviews, and security testing. - **Vulnerability Management:** Identifying, triaging, and remediating security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA) tools. - **Security Assessments & Penetration Testing:** Performing advanced penetration testing and red teaming across web, mobile, and cloud applications. Collaborating with engineering teams for effective remediation of high-risk vulnerabilities. - **Secure Code Review:** Analyzing source code and providing security recommendations to developers to ensure adherence to secure coding best practices. - **Threat Modeling & Risk Analysis:** Anticipating potential attack vectors through threat modeling and enhancing security architecture on complex components. - **DevSecOps Enablement:** Leading and enhancing DevSecOps initiatives by identifying gaps and integrating security automation within CI/CD pipelines. - **Incident Response & Remediation:** Leading security incident response related to applications and working with engineering teams to remediate threats. - **Security Awareness & Training:** Developing and leading customized security training programs for engineering teams focusing on various security aspects. **Qualifications:** - Bachelor's degree in Computer Science, Engineering, or related field. - Minimum 5 years of software development or software security experience in an agile environment with expertise in secure coding practices, threat modeling, and vulnerability assessment. - Hands-on experience with SAST, DAST, IAST, and SCA tools like GitHub Advanced Security, Checkmarx, Fortify, etc. - Deep knowledge of API security, containerized applications, supply chain security risks, AI/ML security risks, Infrastructure as Code security, and programming languages such as Python, Java, JavaScript. - Strong understanding of secure coding principles, application security frameworks, security standards, and regulations. - Experience securing AI/ML applications, cloud security best practices, and effective collaboration skills. (Note: The recruitment process includes online assessments covering English, logic, design, and technical aspects, which will be sent via email. Please check your SPAM folder as well.) (Note: No additional company information was provided in the job description.),