Application Security Engineer

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Security, or a related field
• 5+ years of experience in cybersecurity, application security, or a similar IT role
• Strong understanding in security engineering, system and network security, authentication and security protocols, cryptography, and application security
• Strong understanding of web application security, including OWASP Top 10 vulnerabilities
• Proficiency in secure coding practices and common programming languages (e.g., .NET, Java, Python)
• Experience with security testing tools and methodologies (e.g., SAST, SCA, DAST, penetration testing)
• Familiarity with compliance regulations and industry security standards
• Excellent problem-solving and analytical skills
• Strong communication skills and ability to work effectively in cross-functional teams

Nice To Haves

• Relevant security certifications (e.g., CISSP, GIAC, CCNA)
• Experience with cloud security and containerization technologies
• Knowledge of DevSecOps practices and CI/CD pipelines
• Familiarity with threat modeling methodologies and risk assessment frameworks
• Experience with advanced persistent threats, phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication

Responsibilities

• Conduct security-focused code reviews and application security assessments
• Perform threat modeling and risk assessments for new and existing applications
• Implement and maintain security controls, including authentication, authorization, and encryption mechanisms
• Develop and oversee secure code analysis programs in conjunction with development teams
• Identify and assess security vulnerabilities in applications and systems
• Lead the remediation of application vulnerabilities discovered through scanning and security testing
• Help manage the organization's vulnerability intake and remediation process
• Work closely with development teams to integrate security best practices into the SDLC
• Provide guidance and training on secure coding practices and application security
• Collaborate with IT professionals to harden systems and applications
• Assist in designing secure application architectures and infrastructure
• Evaluate and provide recommendations on third-party applications and services
• Contribute to the development of security policies, standards, processes, and procedures
• Stay up-to-date with the latest security threats, trends, and countermeasures
• Research and analyze application behaviors to improve security and stability
• Contribute to the evolution of the organization's application security functions and services

Benefits

• Incentive compensation