Application Security Engineer

NorthAB LLC
$105,000 - $140,000

About The Position

Application Security Engineer North - Must be in Eastern Time Zone

Requirements

  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or relevant equivalent experience.
  • 5+ years of experience in application security, secure software development, and vulnerability management.
  • Experience with containerization technologies, the principles of container operation, and implementing secure operational states for containerization technologies.
  • Direct experience with security tools such as vulnerability scanners, DAST and SAST solutions, application testing tools, and application analysis tools.
  • Experience with application security practices in enterprise environments.
  • Strong knowledge of secure coding practices and common security vulnerabilities.
  • Familiarity with DevSecOps principles and integrating security into CI/CD pipelines.
  • Understanding of regulatory frameworks and compliance requirements (e.g., PCI-DSS, NIST, OWASP).
  • Comfortable with scripting and automation using languages such as Python, PowerShell, or Bash.

Responsibilities

  • Perform architecture and security reviews on highly complex products to identify vulnerabilities.
  • Work with development teams to integrate software security design patterns throughout the application lifecycle.
  • Ensure critical application design and implementation decisions are based on sound security patterns; facilitate the analytics process for application abuse detection; support application protection efforts, incident response and fraud.
  • Find security threats and vulnerabilities in applications and recommend mitigation strategies.
  • Participate in evaluation, deployment and operations of innovative security solutions.
  • Conduct static and dynamic application security testing (SAST/DAST), code reviews, security assessments and evaluations.
  • Implement and manage security tools, including SAST, DAST, Software Composition Analysis (SCA), and other security scanning solutions.
  • Drive the implementation of authentication, authorization, and access control mechanisms for APIs and platforms.
  • Partner with application development, engineering and operations teams to ensure a security-first approach in CI/CD pipelines.
  • Work closely with the offensive security team to help identify, uncover and validate weaknesses and exposures in critical applications.
  • Support incident response efforts and mitigations related to application security vulnerabilities and weaknesses.
  • Provide security awareness training and guidance to development teams on secure coding practices.
  • Lead implementation of strategic security initiatives that improve application security across the organization.
  • Ensure application security practices align with regulatory standards such as PCI-DSS, NIST, and OWASP guidelines.

Benefits

  • Medical, Dental, & Vision Coverage
  • Flexible Paid Time Off
  • 401(k) + Match
  • Mental Health Support & Well-Being Program
  • Paid Maternity & Paternity Leave
  • Education Assistance
  • Company-funded Lifestyle Spending Account