Application Security Engineer

As an Application Security Engineer, you will be at the forefront of securing our applications and infrastructure. You will work with cross-functional teams to embed security into the software development life cycle (SDLC), reduce risk exposure, and ensure compliance with industry standards. Your expertise will directly safeguard sensitive data, protect against emerging threats, and strengthen our overall security posture.Roles & Responsibilities·        Partner with development teams to embed security principles and practices throughout the SDLC.·        Perform code security assessments to uncover vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure APIs.·        Lead threat modeling sessions and conduct risk assessments for upcoming features and services.·        Deploy, configure, and maintain tools for both static and dynamic application security testing.·        Assess security risks and propose effective mitigation and remediation strategies.·        Ensure sensitive data (e.g., credentials, tokens, keys) remains protected during builds and deployments.·        Collaborate with teams to remediate or replace insecure third-party libraries and components.·        Support internal and external audits concerning application and infrastructure security practices.·        Strengthen CI/CD pipelines and infrastructure by enforcing secure configurations.·        Monitor and stay informed on the latest exploits, vulnerabilities, and application security trends.·        Deliver training and mentorship to developers on secure coding standards and practices.·        Develop and maintain internal playbooks, documentation, and security guidelines.·        Ensure cloud services (AWS, Azure, GCP) are deployed with secure configurations and controls.·        Review, audit, and optimize access permissions, network policies, and identity management practices.Requirements & Qualifications·        Bachelor’s/Master’s in Computer Science, Cybersecurity, or related discipline.·        Minimum 5 years of experience in Application Security, Security Engineering, or DevSecOps.·        Strong knowledge of web application vulnerabilities and remediation (OWASP Top 10, CWE Top 25).·        Experience with security testing tools such as Burp Suite, OWASP ZAP, Checkmarx, Veracode, or Fortify.·        Proficiency in secure coding practices across languages (Java, Python, JavaScript, C#, etc.).·        Hands-on experience with CI/CD and security automation (Jenkins, GitLab CI, GitHub Actions).·        Cloud security expertise in AWS, Azure, or GCP (IAM, secrets management, networking).·        Familiarity with container and microservices security (Docker, Kubernetes).·        Experience with compliance standards (ISO 27001, SOC 2, PCI DSS, GDPR).Preferred Skills·        Security certifications such as OSWE, OSCP, GWAPT, CEH, or CISSP.·        Knowledge of Infrastructure-as-Code security (Terraform, CloudFormation).·        Experience with API security testing and automation.·        Strong communication and collaboration skills to bridge technical and non-technical teams.