Senior Application Security Engineer

Key Responsibilities:

Lead the application security program across all software products, ensuring the adoption of secure development practices, vulnerability management, and secure coding standards.
Perform advanced security assessments, penetration testing, threat modeling, and code reviews for web applications, mobile apps, and cloud-native services.
Lead and mentor a team of security engineers, providing guidance on secure coding practices, vulnerability remediation, and security best practices.
Build and manage security testing tools, processes, and frameworks, including automated security testing within the CI/CD pipeline.
Collaborate with cross-functional teams (e.g., development, operations, and IT) to implement security requirements throughout the SDLC.
Drive the integration of security into Agile and Dev Ops workflows, ensuring continuous security testing and compliance.
Conduct risk assessments and provide actionable security recommendations to mitigate potential threats across all stages of the software development lifecycle.
Ensure that security issues are identified, tracked, and remediated within project timelines and defined risk thresholds.
Manage relationships with key stakeholders and provide technical security leadership across the organization.
Lead the design, development, and implementation of security policies, standards, and frameworks, ensuring alignment with industry best practices (OWASP, NIST, ISO, etc.).
Provide expertise in the secure design and architecture of web and mobile applications, APIs, microservices, and cloud infrastructure.
Stay updated with the latest security trends, tools, technologies, and vulnerabilities to continuously improve the application security program.
Lead incident response for security events related to application vulnerabilities, providing analysis, remediation strategies, and post-incident reporting.

Required Skills & Experience :
6-12 years of experience in application security, penetration testing, or related security fields.
Proven expertise in securing web and mobile applications (OWASP Top 10, OWASP Mobile, etc.), APIs, and microservices architectures.
In-depth experience with security testing methodologies (SAST, DAST, IAST, and penetration testing).
Strong expertise in identifying and mitigating security risks in the SDLC, and integrating security into Agile/Dev Ops workflows.
Solid understanding of common programming languages (e.g., Java, Python, .NET, JavaScript, C++, etc.) and secure coding practices.

Experience with threat modeling, risk assessments, and vulnerability management processes.
Expertise in cloud security, including cloud platforms like AWS, Azure, and GCP.
Extensive experience with security tools such as Burp Suite, ZAP, Fortify, Checkmarx, Sonar Qube, and related tools.
Strong knowledge of web protocols (HTTP, HTTPS, REST, SOAP) and application security features (authentication, authorization, encryption).
Familiarity with industry frameworks and standards (e.g., NIST, ISO 27001, SOC2, PCI DSS, GDPR).
Experience in mentoring and leading security teams, driving security initiatives across engineering departments.
Proficiency with secure coding practices and application security tools in continuous integration/continuous deployment (CI/CD) pipelines.
Strong communication skills with the ability to collaborate with both technical and non-technical stakeholders to drive security solutions.
Ability to influence and advocate for security initiatives in a complex organizational structure.