Senior Applications Security Engineer


 

What you’ll achieve:

As a Senior Application Security Engineer, you will take ownership of securing our applications throughout the software development lifecycle and provide strategic guidance to ensure the highest level of security across our organization. With your expertise, you will mentor and collaborate with cross-functional teams, drive the adoption of best practices, and implement robust security measures to protect our critical assets, data, and customer information from security threats and vulnerabilities.

Essential Duties


  • Drive the application security program, establishing strategic goals, objectives, and initiatives to enhance the overall security posture of our applications.
  • Conduct comprehensive application security assessments, including manual penetration testing, code reviews, architecture reviews and vulnerability scanning, to identify and mitigate risks and vulnerabilities.
  • Provide technical leadership and guidance to development teams, architects, and stakeholders on secure coding practices, security requirements, and the integration of security controls into the software development lifecycle.
  • Develop and maintain application security policies, standards, and guidelines to ensure compliance with regulatory requirements and industry best practices.
  • Collaborate with development teams to perform threat modeling, identify security design gaps, and recommend appropriate security controls and countermeasures.
  • Conduct security reviews of third-party applications and vendors to assess their security posture and ensure compliance with our security standards.
  • Lead incident response efforts for application security incidents, coordinating with cross-functional teams to investigate, contain, and remediate security breaches or vulnerabilities.
  • Stay up to date with emerging threats, vulnerabilities, and industry trends, and provide recommendations for proactive security enhancements.
  • Mentor and train junior members of the application security team, providing guidance and knowledge transfer to develop their skills and expertise.
  • Evaluate and recommend security tools, technologies, and frameworks to enhance application security capabilities and automate security processes.

Desired Requirements

  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
  • 8+ years of professional experience working as an Application Security Engineer or in a similar role, with a focus on securing web and mobile applications.
  • In-depth knowledge of application security concepts, including secure coding practices, authentication and authorization mechanisms, encryption, and vulnerability assessment.
  • Demonstrated experience conducting manual application penetration testing, code reviews, and vulnerability assessments.
  • Strong understanding of web and mobile application frameworks, languages, and technologies (e.g., Java, JavaScript, Python).
  • Proficiency in application security tools such as static code analysis (SAST), dynamic application security testing (DAST), and penetration testing frameworks.
  • Expertise in cloud security concepts and practices, particularly in cloud-native environments (e.g., AWS, Azure, GCP).
  • Deep knowledge of web application security vulnerabilities (OWASP Top Ten), attack vectors, and mitigation techniques.
  • Strong scripting or programming skills for automation and tooling (e.g., Python, Bash, PowerShell).
  • Professional certifications in application security (e.g., CSSLP, GWAPT, CISSP) are highly desirable.
  • Administration of security tools such as Anti-DDoS WAF, SAST and DAST.
  • Secure software development lifecycle (SSDLC) and DevSecOps practices.
  • Leader that can influence, motivate, and direct a workgroup to achieve results.
  • Excellent communication skills, both verbal and written.
  • Project leadership with the ability to prioritize multiple assignments and/or deliverables.

Desired Behaviors

  • Receptive to change – is flexible. Seeks and adopts improved approaches and processes.
  • Initiates action – is results oriented, takes responsibility for actions and outcomes. Meets commitments and strives for high performance.
  • Manages the workload – makes timely decisions, prioritizes effectively, solves problems, monitors results and takes remedial action where necessary.
  • Technically proficient – knows role and has a solid familiarity with tasks and responsibilities.
  • Takes responsibility for own learning – knows personal strengths and recognizes development needs. Is open to feedback and always seeks to learn.
  • Communicates ideas – strong facilitation and written communication, proposes a way forward. Listens to views of colleagues and takes on diverse perspectives.
  • Works collaboratively – shares information, fosters teamwork and contributes to a positive work environment where people want to come to work.
  • Displays ethical character and competence – acts with integrity and intent, is accountable for own actions, behaves according to the company values.
  • Acts as a good citizen of the company.
