Job Description

We are seeking a highly skilled and proactive Senior Application Security Engineer to join our growing security team.

You will be responsible for securing our applications throughout the software development lifecycle (SDLC). This includes

- identifying vulnerabilities,

- working with development teams to remediate risks, and

- implementing security best practices and tools to ensure our applications are robust, secure, and compliant with relevant standards.

Responsibilities:

• Perform manual and automated security assessments of web, mobile, and cloud applications
• Collaborate with development and engineering teams to embed security into SDLC (DevSecOps)
• Conduct secure code reviews, threat modeling exercises, and risk assessments to identify security weaknesses in application design.
• Implement and manage application security tools (SAST, DAST, SCA, IAST)
• Design and enforce security policies, standards, and procedures for application development
• Monitor, triage, and respond to application-layer vulnerabilities and incidents
• Work closely with QA and engineering teams to drive security testing and fix validation
• Lead the Incident Response effort for application-related security events.
• Stay current on the latest security threats, vulnerabilities, and industry's best practices
• Conduct developer training and promote a security-first culture within engineering
• Cross-train team members on Application Security principles.
• Actively participate in the broader corporate security efforts, including infrastructure security, end-user training, and vulnerability management.

Rquirements:

• Overall 8+ years of experience
• Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
• 5+ years in application security, secure software development, and penetration testing.
• Strong understanding of web technologies (HTML, JavaScript, Python, REST APIs, etc.).
• Experience with security tools for code security, bug bounty programs, and the ability to integrate them into CI/DC pipelines for automated security testing.
• Familiarity with OWASP Top 10, SANS Top 25, CWE, CVE, and secure coding practices.
• Knowledge of cloud environments (AWS, Azure, GCP) and their security features.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.

Preferred Qualifications:

• Industry certifications such as CSSLP, GWAPT, OSCP, or CEH
• Experience with container security and CI/CD pipeline integration
• Familiarity with regulatory and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS)
• Prior experience working in agile, DevOps, or fast-paced development environments