Senior Application Security Engineer

The Senior Application Security Engineer plays a crucial role in ensuring the security of software applications by identifying vulnerabilities, implementing security measures, and working closely with development teams to build secure systems. This position involves conducting security assessments, integrating security best practices into the software development lifecycle (SDLC), and responding to security incidents. The ideal candidate should have a deep understanding of application security frameworks, penetration testing, and secure coding practices.

Responsibilities:

• Conduct security assessments and penetration testing on applications to identify and mitigate vulnerabilities.

• Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC).

• Implement secure coding standards and provide guidance to developers on writing secure code.

• Perform threat modeling and risk assessments for applications and systems.

• Monitor security threats and vulnerabilities, recommending and implementing appropriate solutions.

• Develop and maintain application security policies, standards, and guidelines.

• Evaluate and recommend security tools, including static and dynamic application security testing (SAST/DAST) solutions.

• Investigate and respond to security incidents, working with internal teams to remediate threats.

• Stay updated with the latest security trends, threats, and regulatory requirements.

• Conduct security awareness training for developers and IT teams.

Requirements:

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.

• Proven experience in application security, secure coding, and vulnerability assessment.

• Strong knowledge of OWASP Top 10, secure SDLC, and threat modeling.

• Experience with security testing tools such as Burp Suite, Metasploit, Fortify, or similar.

• Hands-on experience with programming languages such as Java, Python, or C#.

• Familiarity with cloud security practices for platforms like AWS, Azure, or Google Cloud.

• Understanding of security compliance frameworks such as ISO 27001, NIST, or PCI-DSS.

• Strong analytical and problem-solving skills with attention to detail.

• Security certifications such as CISSP, CEH, OSCP, or CSSLP are a plus.

• Excellent communication and collaboration skills to work with cross-functional teams.