Senior Application Security Engineer

The Senior Security Engineer will be responsible for executing and advancing application security efforts through hands-on assessments, process improvements, secure development enablement, and cross-functional collaboration. They will act as a subject matter expert for security design and remediation, contributing to secure software delivery at scale.

KeyRoles & Responsibilities:

Contribute to the design and implementation of the organization's application security program.

Support the enforcement of secure coding practices and industry best standards.

Conduct threat modeling sessions, design reviews, and security walkthroughs with development teams.

Ensure alignment with regulatory frameworks and standards (e.g., OWASP, PCI-DSS, ISO 27001).

Perform static (SAST) and dynamic (DAST) application security testing using tools such as (Checkmarx, SonarQube, Veracode, Burp Suite)

Lead and conduct manual code reviews and penetration testing exercises as needed.

Prioritize, and guide remediation of vulnerabilities based on business risk and impact.

Assess third-party libraries, applications, and APIs for security risks and integration issues.

Embed security into CI/CD pipelines by integrating and optimizing automated security tools.

Provide architectural and design security consultation to product and engineering teams.

Drive awareness and adoption of secure coding practices among developers and DevOps.

Deliver security knowledge-sharing sessions and tailored training to technical teams.

Collaborate with cross-functional stakeholders (product, IT, compliance, engineering).

Support investigation and response to application security incidents.

Conduct root cause analysis and assist with implementing preventative controls.

Coordinate with the SecOps team on logging, detection, and monitoring enhancements.
Help define and report on security KPIs, risks, and remediations to management.

Stay informed on current threat trends, tools, and emerging AppSec methodologies.

Required Experience, Education, Knowledge, and Skills

2-5 years of experience in Application Security.

Bachelor's degree and/or master's degree in cyber security, information security, computer engineering, computer science, or a related field.

Core Knowledge & Skills:

Web Application Penetration Testing (WAPT)

Mobile Application Penetration Testing (MAPT)

Secure Software Development Lifecycle (S-SDLC)

Threat Modelling

Secure Source Code Review (SSCR)

SecDevOps

Preferred Certifications:

EC-Council: E CDE, C ASE .NET, C ASE JAVA, W AHS

INE Security: eWPT, eWPTX, eMAPT

The SecOps Group (TSOG): CAP, CAPen, CAPenX, CMPen-Android, CMPen-iOS

GIAC: GWAPT, GMOB

Offensive Security (OS): OSWA, OSWE

Practical DevSecOps (PDSO): CDP, CDE, CTMP, CASP, CSSE

Mile2: C)SWAE