Security Engineer, Application Security

Flywire
Boston, MA
Remote

About The Position

Responsible for ensuring the security of applications and software systems developed and used within the organization. This role involves conducting application security reviews, performing secure code analysis, integrating security testing into CI/CD pipelines, and guiding developers on secure coding practices. Design and implement security protocols for Healthcare, EDU, and B2B applications, conducting regular threat modeling and vulnerability assessments to identify and mitigate risks, and developing and deploying cryptographic solutions to protect sensitive data. Analyze and interpret student-related data from Indian and Chinese markets to inform strategies for mitigating payer fraud and enhancing security for international student transactions. Telecommuting permissible from any location within US.

Requirements

  • Master’s degree or foreign equivalent in Computer Science with a specialization in Information Security, or a related field, and one (1) year of experience in computer science, information security, application security or a closely related role.
  • Perform comprehensive vulnerability management and risk assessments using industry tools such as Tenable and Qualys.
  • Deliver actionable reports with remediation guidance and continuously monitor and triage alerts with SIEM platforms including Splunk, Sumo Logic, ELK, and Wazuh.
  • Conduct hands-on application security testing using a variety of SAST, SCA, and DAST tools, including Veracode, BurpSuite, Snyk, Semgrep, OWASP ZAP, Arachni, SonarQube, and OWASP Dependency-Check.
  • Develop and review secure applications in programming languages such as Ruby on Rails, Java, Python, and Go, focusing on modern UI web interfaces (e.g., JavaScript, ReactJS, AngularJS, Node.js).
  • Ensure adherence to secure coding standards (OWASP Top 10) and protect against threats like XSS and SQL injection.
  • Conduct peer code reviews, perform in-depth threat modeling using methodologies like STRIDE, and execute security architecture assessments to proactively identify and mitigate risks throughout the software development lifecycle.
  • Embed security into CI/CD pipelines, specifically within GitLab, by writing custom jobs and rules.
  • Integrate and automate security tools like Trivy and Semgrep to ensure continuous security checks and early vulnerability detection within a DevSecOps framework.
  • Securely handle sensitive data using credential management tools like HashiCorp Vault.
  • Design and implement strong cryptographic techniques, including AES, RSA, ECC, and various hashing algorithms.
  • Review and enforce cloud security best practices for AWS and GCP environments.
  • Conduct internal and external security audits aligned with compliance frameworks such as SOC II Type 2, ISO 27002, NIST, and PCI, and prepare associated reports and policy updates.
  • Design and implement robust authentication and authorization systems utilizing protocols such as OAuth 2.0, SAML, JWT, and access control models like RBAC/ABAC.
  • Develop custom security software using Python, Bash, and Ruby to automate security processes, from vulnerability scanning to incident response.
  • Support client and third-party security audits by preparing responses to security assessments and risk questionnaires, including those from platforms like OneTrust.

Responsibilities

  • Conducting application security reviews
  • Performing secure code analysis
  • Integrating security testing into CI/CD pipelines
  • Guiding developers on secure coding practices
  • Design and implement security protocols for Healthcare, EDU, and B2B applications
  • Conducting regular threat modeling and vulnerability assessments to identify and mitigate risks
  • Developing and deploying cryptographic solutions to protect sensitive data
  • Analyze and interpret student-related data from Indian and Chinese markets to inform strategies for mitigating payer fraud and enhancing security for international student transactions