Application Security Developer

Autodesk, Toronto, ON

About The Position

Our team of security experts helps Autodesk design, build, deploy, and maintain secure products. We embed security across the full software development lifecycle—from inception and design to development, testing, and cloud operations—while proactively addressing emerging threats. Our mission is to stay ahead of adversaries and protect our customers’ data and investments by strengthening applications, services, and infrastructure.

As an Application Security Developer (DAST & API Security), you will help secure Autodesk’s web applications and APIs by identifying and validating vulnerabilities in real-world execution environments. You will partner with product and engineering teams to perform dynamic testing, triage findings, and support remediation, while helping integrate security testing into CI/CD pipelines. This is a mid-level, hands-on role focused on execution and collaboration, with opportunities to grow your expertise across modern architectures (microservices, SPAs, and API-driven systems) at scale.

Requirements

  • 3–5 years of experience in application security, penetration testing, or a related field
  • Hands-on experience with DAST tools (e.g., Burp Suite, OWASP ZAP, Netsparker, Acunetix), combined with the ability to manually validate findings
  • Strong understanding of web application security (OWASP Top 10) and API security risks (OWASP API Top 10)
  • Experience testing modern architectures (microservices, SPAs, API-driven systems)
  • Practical knowledge of authentication and authorization mechanisms (OAuth, OIDC, JWT, session management)
  • Familiarity with API protocols and formats (REST, GraphQL, JSON, XML, gRPC)
  • Experience supporting security testing within CI/CD pipelines or DevSecOps workflows
  • Ability to identify and exploit common vulnerabilities such as injection, XSS, CSRF, and broken access control
  • Working knowledge of HTTP/S and web protocols
  • Proficiency in scripting or programming (e.g., Python, JavaScript, or Go)
  • Strong analytical and problem-solving skills with the ability to triage and prioritize vulnerabilities
  • Effective communication skills to explain risks and remediation steps to engineering teams

Nice To Haves

  • Experience performing manual penetration testing of web applications and APIs
  • Familiarity with advanced DAST techniques (e.g., fuzzing, parameter discovery)
  • Knowledge of runtime security controls such as WAFs, RASP, or API security platforms
  • Experience with cloud environments (AWS, Azure, GCP) and securing cloud-native applications
  • Familiarity with security testing automation frameworks
  • Experience with bug bounty programs or vulnerability disclosure processes
  • Contributions to security standards, playbooks, or developer training

Responsibilities

  • Perform dynamic application security testing (DAST) against web applications and APIs to identify runtime vulnerabilities, including authentication, authorization, and business logic flaws
  • Conduct API security assessments (REST, GraphQL, gRPC), validating authentication flows, authorization models, rate limiting, and data exposure risks
  • Execute and support web application security testing, including manual testing and automated scanning aligned with OWASP Top 10 and API Top 10
  • Analyze and triage findings from DAST tools and scanners, tuning configurations to improve signal quality and reduce false positives
  • Partner with engineering teams to remediate vulnerabilities, providing clear, actionable guidance on fixes and secure design patterns
  • Integrate DAST and API security testing into CI/CD pipelines, enabling continuous and automated security validation
  • Collaborate with teams to implement and optimize security controls such as WAFs, API gateways, and runtime protections
  • Contribute to security testing strategies, including automation, tooling selection, and coverage improvements across services
  • Provide developer education and guidance on web and API security risks, exploitation techniques, and remediation best practices
  • Track, prioritize, and report on security findings and trends to improve overall application and API security posture

Benefits

  • Annual cash bonuses
  • Stock grants
  • Comprehensive benefits package