Associate Application Security Engineer

Press Ganey
$54,000 - $75,000

About The Position

The Security Engineer is a member of PG Forsta’s Information Security team and is responsible for building and maintaining controls that manage information risk and security. The engineer is expected to build and maintain administrative, technical, and physical controls to secure PG Forsta data and keep PG Forsta in compliance with applicable laws, regulations, and contractual terms. We are seeking an Associate Security Engineer with excellent interpersonal communication and vulnerability management skills to join our security team. This role will focus on vulnerability management, security tool health/status checks, and coordination across engineering and security teams, ensuring that our security controls and scanning tools/processes are effective and reliable. The ideal candidate is detail-oriented, proactive, and able to collaborate across teams to drive remediation efforts and continuous improvement. This is an entry-level position in our security team, and we're willing to train the right candidate.

Requirements

  • 4-year degree or equivalent experience (Preferred)
  • 2+ years' experience in IT Operations, IT Security, Application Development, or a similar technical role (Preferred)
  • General knowledge of business theory, business processes, management, budgeting and business office operations.
  • Excellent interpersonal communication skills and the ability to clearly convey technical and non-technical information.
  • Strong project management and coordination skills, with the ability to keep multiple teams aligned on security priorities.
  • Familiarity with vulnerability management processes and tools (e.g., DAST, SCA, ASPM).
  • Understanding of CI/CD pipelines and experience monitoring/debugging security jobs within them.
  • A good understanding of the Software Development Life Cycle (SDLC).
  • Detail-oriented mindset, with the ability to maintain accurate inventories and track multiple streams of security data.
  • Ability to triage common vulnerabilities and communicate risk in a structured, actionable way.

Nice To Haves

  • Hands-on experience with common security tools (e.g., Snyk, SonarQube, Checkmarx, Burp Suite, Tenable, Wiz, etc.).
  • Exposure to DevSecOps practices and automated security testing.
  • Experience with ticketing/project tracking systems (e.g., Jira, ServiceNow).
  • A basic understanding of secure development practices and cloud infrastructure.
  • Experience in a healthcare environment (Preferred)
  • Project management experience (Preferred)
  • Incident response experience.

Responsibilities

  • Integrate and manage security tooling across the SDLC and CI/CD pipelines, including Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), secrets detection, Infrastructure-as-Code (IaC) scanning, API security testing, and vulnerability correlation platforms.
  • Track vulnerability advisories and threat intelligence feeds; notify relevant stakeholders when new critical vulnerabilities or risks impact the organization.
  • Manage vulnerability tracking and reporting across multiple scanning tools (DAST, SCA, ASPM, etc.), ensuring findings are logged, prioritized, and communicated to the right teams.
  • Provide initial triage of vulnerabilities and work with senior members of the Application Security team to formulate practical guidance for development and infrastructure teams on severity, prioritization, and potential remediation paths.
  • Champion container security by ensuring secure image creation, scanning, and runtime protections across platforms like Docker and Kubernetes.
  • Partner with DevOps and Infrastructure teams to secure Azure cloud-native environments, including container orchestration and deployment layers.
  • Drive adoption of secure coding practices, supported by threat modelling, code reviews, and developer training programs.
  • Establish and track key metrics for AppSec maturity, coverage, risk reduction, and remediation SLAs.
  • Liaise with Legal to define and communicate security controls required for regulatory compliance and contractual obligations.
  • Partner with GRC and Client Response teams to prepare for audits, provide standardized answers to security questionnaires, and represent pipeline and platform controls to clients and external assessors.
  • Engage with Pre-Sales Engineering, where required, to support security discussions with strategic prospects and customers.
  • Create transparency and trust around security posture through consistent reporting, dashboards, and stakeholder communication.
  • Identify gaps in security posture and propose enhancements to architecture, processes, and tooling.

Benefits

  • Competitive benefits package
  • Remote working position
  • Occasional travel (1-2 times per year)
  • On-call support every 6-8 weeks
© 2024 Teal Labs, Inc