Application Security Engineer

Cast & Crew
Burbank, CA
69d
$110,000 - $135,000

About The Position

At Cast & Crew, we’ve empowered creativity and supported the global entertainment industry for decades. Together with our family of brands - Backstage, CAPS, Checks & Balances, Final Draft, Media Services, Sargent-Disc, and The TEAM Companies - we operate as a combined entertainment technology and services provider offering industry standard screenwriting accounting software, digital payroll products, data & reporting, and a host of creative tools. The industry continues to move faster than ever, and the need for our expertise, our technology, and our people has never been greater. We are a production’s best ally every step of the way.

We are seeking a highly skilled and motivated Information Security Engineer specializing in Application Security, DevSecOps, and Automation to join our team. In this role, you will be responsible for designing and implementing security strategies across the software development lifecycle, automating security operations, and driving the integration of security into DevOps practices. You will play a key role in safeguarding our applications and infrastructure.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
  • 3+ years of experience in cybersecurity, with a focus on application security, DevSecOps, or automation.
  • Strong understanding of secure software development lifecycle (SDLC) practices.
  • Proficiency with security testing tools (e.g., Burp Suite, OWASP ZAP, SonarQube, Veracode, Checkmarx).
  • Experience with CI/CD tools (e.g., Jenkins, GitLab CI/CD, GitHub Actions) and integrating security testing into pipelines.
  • Familiarity with programming/scripting languages (e.g., Python, Java, Bash, or PowerShell).
  • Strong knowledge of cloud security principles (e.g., AWS, Azure, GCP) and container security (e.g., Docker, Kubernetes).
  • Experience with Infrastructure-as-Code tools (e.g., Terraform, Ansible).
  • Knowledge of OWASP Top 10, CWE, and other security frameworks.
  • Excellent problem-solving and communication skills.

Nice To Haves

  • Relevant certifications (e.g., OSCP, CISSP, CEH, CSSLP, or AWS Security Specialty).
  • Experience with security orchestration, automation, and response (SOAR) tools.
  • Familiarity with compliance frameworks (e.g., ISO 27001, SOC 2, PCI DSS).
  • Hands-on experience with vulnerability management tools and processes.

Responsibilities

  • Conduct application security assessments, including code reviews, threat modeling, and penetration testing.
  • Develop, maintain, and implement secure coding guidelines and best practices for development teams.
  • Identify and remediate vulnerabilities in applications using tools like SAST, DAST, and RASP.
  • Collaborate with development teams to ensure security is integrated into the design and architecture of new applications.
  • Respond to and manage application-level security incidents.
  • Design and implement DevSecOps pipelines to automate security testing in CI/CD workflows.
  • Advocate for 'security as code' by integrating security controls into infrastructure-as-code and deployment scripts.
  • Work with DevOps teams to ensure secure configurations of containerized and cloud-based environments.
  • Continuously evaluate and improve DevSecOps tools and processes to reduce friction and optimize developer productivity.
  • Develop and implement scripts, APIs, and automation workflows to improve security operations and reduce manual effort.
  • Automate vulnerability management, patching, and reporting processes.
  • Monitor and enhance security tools through custom scripting or integrations with other platforms.
  • Build automated security metrics dashboards to track risk and compliance.
  • Partner with cross-functional teams to foster a culture of security awareness and shared responsibility.
  • Provide training and mentoring to developers and engineers on secure coding practices and security tools.
  • Act as a security advisor during development sprints and product planning.
  • Stay up-to-date with the latest security vulnerabilities, trends, and technologies.
  • Evaluate new tools, technologies, and methodologies to enhance application security and automation.
  • Participate in incident response efforts as needed, providing expertise in application-level threats.

Benefits

  • Medical, Dental, Vision, PTO, health and wellness programs, employee discounts, and more!

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: Bachelor's degree
  • Number of Employees: 101-250 employees

© 2024 Teal Labs, Inc