Senior Application Security Engineer

Key Responsibilities:

• Lead the application security program across all software products, ensuring the adoption of secure development practices, vulnerability management, and secure coding standards.
• Perform advanced security assessments, penetration testing, threat modeling, and code reviews for web applications, mobile apps, and cloud-native services.
• Lead and mentor a team of security engineers, providing guidance on secure coding practices, vulnerability remediation, and security best practices.
• Build and manage security testing tools, processes, and frameworks, including automated security testing within the CI/CD pipeline.
• Collaborate with cross-functional teams (e.g., development, operations, and IT) to implement security requirements throughout the SDLC.
• Drive the integration of security into Agile and DevOps workflows, ensuring continuous security testing and compliance.
• Conduct risk assessments and provide actionable security recommendations to mitigate potential threats across all stages of the software development lifecycle.
• Ensure that security issues are identified, tracked, and remediated within project timelines and defined risk thresholds.
• Manage relationships with key stakeholders and provide technical security leadership across the organization.
• Lead the design, development, and implementation of security policies, standards, and frameworks, ensuring alignment with industry best practices (OWASP, NIST, ISO, etc.).
• Provide expertise in the secure design and architecture of web and mobile applications, APIs, microservices, and cloud infrastructure.
• Stay updated with the latest security trends, tools, technologies, and vulnerabilities to continuously improve the application security program.
• Lead incident response for security events related to application vulnerabilities, providing analysis, remediation strategies, and post-incident reporting.

Required Skills & Experience:

• 6-12 years of experience in application security, penetration testing, or related security fields.
• Proven expertise in securing web and mobile applications (OWASP Top 10, OWASP Mobile, etc.), APIs, and microservices architectures.
• In-depth experience with security testing methodologies (SAST, DAST, IAST, and penetration testing).
• Strong expertise in identifying and mitigating security risks in the SDLC, and integrating security into Agile/DevOps workflows.
• Solid understanding of common programming languages (e.g., Java, Python, .NET, JavaScript, C++, etc.) and secure coding practices.
• Experience with threat modeling, risk assessments, and vulnerability management processes.
• Expertise in cloud security, including cloud platforms like AWS, Azure, and GCP.
• Extensive experience with security tools such as Burp Suite, ZAP, Fortify, Checkmarx, SonarQube, and related tools.
• Strong knowledge of web protocols (HTTP, HTTPS, REST, SOAP) and application security features (authentication, authorization, encryption).
• Familiarity with industry frameworks and standards (e.g., NIST, ISO 27001, SOC2, PCI DSS, GDPR).
• Experience in mentoring and leading security teams, driving security initiatives across engineering departments.
• Proficiency with secure coding practices and application security tools in continuous integration/continuous deployment (CI/CD) pipelines.
• Strong communication skills with the ability to collaborate with both technical and non-technical stakeholders to drive security solutions.
• Ability to influence and advocate for security initiatives in a complex organizational structure.