Application Security Engineer

About The Position

Requirements

• Proficiency with application security tools including SAST, DAST, dependency scanning, and WAF technologies
• Strong understanding of common web application vulnerabilities (OWASP Top 10) and secure coding practices
• Experience with at least one programming language (Java, Python, JavaScript, C#, or similar)
• Knowledge of API security, authentication mechanisms, and authorization frameworks
• Familiarity with DevSecOps practices and CI/CD pipeline integration
• 3-5 years of hands-on application security experience with demonstrated expertise in secure code review

Nice To Haves

• Retail or e-commerce experience a plus

Responsibilities

• Successfully integrate security practices into development workflows, resulting in measurable reduction of security vulnerabilities in production applications
• Conduct thorough security-focused code reviews that identify critical vulnerabilities while providing actionable feedback to development teams
• Establish and implement efficient processes for triaging, prioritizing, and tracking remediation of security findings with clear SLAs and accountability measures
• Enhance developer engagement through proactive security awareness initiatives, building trusted relationships that enable developers to implement secure coding practices throughout the development process.
• Assist with management and optimization of SAST, DAST, OSS, WAF, and other application security tools to maximize coverage and minimize false positives
• Provide analysis and support as needed during security incidents to contribute to faster resolution times