Application Security Engineer

About The Position

Requirements

• Bachelor’s degree (or higher) in Computer Engineering, Computer Science, Cybersecurity or related is strongly desired
• Strong understanding of OWASP Top 10, SANS Top 25, and common cloud & mobile application vulnerabilities
• Hands-on experience securing cloud environments (AWS, Azure, or GCP), including identity and access management, network security groups, and cloud-native security tooling
• Foundational knowledge in security assessment on OS or application-level of iOS/Android applications
• Demonstrated ability to perform penetration testing against APIs, mobile applications (Android and iOS), and cloud infrastructure
• Familiarity with programming languages such as C/C++, Java, Swift, Kotlin, and Python through practical experience
• Familiarities with network security principles and various wireless security protocols
• Knowledge of APIs security, application security, and authentication protocols such as OAuth, SAML, etc.
• Basic knowledge and understanding of X.509, SSL/TLS certificate, and general certificate management process
• Basic understanding of API security best practices
• Willingness to learn developing security tools and automation scripts to support vulnerability assessment and penetration testing
• Strong interest to acquire and develop additional skills such as Embedded systems security fundamentals
• Demonstrates strong capability in conducting penetration testing and security assessments across applications, APIs, cloud environments, operating systems, and wireless technologies to identify, validate, and prioritize security risks
• Applies deep knowledge of application, API, and cloud security principles—including authentication, authorization, and secure architectures, to assess real‑world risk and recommend effective mitigations
• Analyzes complex systems, reverse engineers software components, and develops proof‑of‑concept exploits to understand root causes, attack paths, and potential impact
• Collaborates effectively with engineering and product teams to communicate findings, influence secure design decisions, and support remediation and re‑validation efforts
• Develops or enhances security testing tools, scripts, and automation to improve testing efficiency, consistency, and coverage
• Continuously builds knowledge of emerging attack techniques, vulnerabilities, and security trends and applies learnings to improve security testing effectiveness

Responsibilities

• Conduct analysis of security requirements specifications against implementation
• Perform security assessments and penetration testing including but not limited to mobile applications (iOS and Android), wireless security, APIs, cloud environments, and Linux OS
• Evaluate cloud infrastructure security across AWS, Azure, or GCP environments, including IAM policies, network segmentation, storage configurations, and serverless architectures
• Assess container and orchestration security (Docker, Kubernetes) for vehicle-connected cloud services and microservices deployments
• Review cloud-native application security controls such as API gateways, service meshes, secrets management, and logging/monitoring configurations
• Communicate complex technical findings and recommend the appropriate course of action, supporting the mitigation and re-validation efforts
• Support testing Connected Services ecosystems to identify and report security vulnerabilities and ensure compliance with security standards
• Develop and maintain security testing tools to support penetration testing and security verification activities, ensuring thorough identification of vulnerabilities
• Develop skills through continuous learning and apply what you have learned relevant to emerging attack vectors, vulnerabilities, and exploits across application and cloud domains
• Travel to clients or partners sites as needed to provide on-site support for security testing and verification activities