
Principal Application Security Engineer
Posted May 20

This is a fully remote position, open to applicants in India.
• Lead the creation and execution of advanced security practices, policies, and frameworks to uphold the integrity and confidentiality of our applications.
• Provide key leadership to the application security program, assisting in setting the strategic direction, goals, and objectives to improve the overall security posture of our applications.
• Design and implement advanced application security practices, including secure coding standards, threat modeling methodologies, and secure software development lifecycle (SDLC) processes.
• Perform comprehensive application security assessments, including code reviews, architecture reviews, and penetration testing, to identify and address complex security vulnerabilities and risks.
• Collaborate closely with development teams, architects, and stakeholders to offer expert guidance on secure coding practices, security design principles, and the selection and implementation of security controls.
• Define and maintain application security policies, standards, and guidelines, ensuring they align with regulatory requirements and industry best practices.
• Propel the integration of security into the CI/CD pipeline and automated security testing tools and processes to facilitate secure and efficient application development and deployment.
• Assess and suggest emerging technologies, frameworks, and security tools to enhance application security capabilities, scalability, and efficiency.
• Lead incident response initiatives for application security incidents, collaborating with cross-functional teams to investigate, contain, and resolve security breaches or vulnerabilities.
• Keep abreast of the latest application security threats, vulnerabilities, and attack vectors, providing strategic recommendations and guidance to mitigate emerging risks.
• Act as a subject matter expert and thought leader on application security, representing the organization in external forums, conferences, and industry working groups.
• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
• Over 10 years of progressive experience in application security, with a focus on securing complex web and mobile applications.
• Extensive knowledge of application security principles, secure coding practices, secure architecture design, and vulnerability assessment techniques.
• Strong understanding of web and mobile application frameworks, languages, and technologies (e.g., Java, .NET, JavaScript, Python, Android, iOS).
• Proven track record in conducting advanced application security assessments, including code reviews, architecture reviews, and penetration testing.
• Deep knowledge of web application security vulnerabilities (OWASP Top Ten), advanced attack techniques, and mitigation strategies.
• Demonstrated ability to develop and implement secure software development lifecycle (SDLC) processes and incorporate security into DevOps and CI/CD practices.
• Expertise in cloud security concepts and practices, with practical experience in cloud-native environments (e.g., AWS, Azure, GCP).
• Strong scripting or programming capabilities for automation and tooling (e.g., Python, Bash, PowerShell).
• Professional certifications in application security (e.g., CSSLP, GWAPT, CISSP) and active involvement in industry forums or associations are highly desirable.
• Equal employment opportunity for all employees.
• Work environment free of discrimination and harassment.
Constructor Tech