
Principal Application Security Engineer
Posted May 23

This is a fully remote position, open to applicants in India.
• Lead the creation and execution of sophisticated security practices, policies, and frameworks to uphold the integrity and confidentiality of our applications.
• Offer primary leadership to the application security program, assisting in the establishment of strategic direction, goals, and objectives to elevate the overall security posture of our applications.
• Create and enforce advanced application security practices, including secure coding standards, threat modeling methodologies, and secure software development lifecycle (SDLC) processes.
• Perform comprehensive application security assessments, which encompass code reviews, architecture reviews, and penetration testing, to detect and address intricate security vulnerabilities and risks.
• Collaborate effectively with development teams, architects, and stakeholders to provide expert advice on secure coding practices, security design principles, and the selection and implementation of security controls.
• Define and uphold application security policies, standards, and guidelines, ensuring they align with regulatory requirements and industry best practices.
• Promote the integration of security within the CI/CD pipeline and automated security testing tools and processes to facilitate secure and efficient application development and deployment.
• Assess and suggest emerging technologies, frameworks, and security tools to bolster application security capabilities, scalability, and efficiency.
• Lead incident response initiatives for application security incidents, collaborating with cross-functional teams to investigate, contain, and resolve security breaches or vulnerabilities.
• Remain informed about the latest application security threats, vulnerabilities, and attack vectors, providing strategic recommendations and guidance to mitigate emerging risks.
• Act as a subject matter expert and thought leader in application security, representing the organization at external forums, conferences, and industry working groups.
• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
• Over 10 years of progressive experience in application security, particularly in securing complex web and mobile applications.
• Extensive knowledge of application security principles, secure coding practices, secure architecture design, and vulnerability assessment techniques.
• Strong familiarity with web and mobile application frameworks, languages, and technologies (e.g., Java, .NET, JavaScript, Python, Android, iOS).
• Demonstrated experience in conducting advanced application security assessments, including code reviews, architecture reviews, and penetration testing.
• In-depth understanding of web application security vulnerabilities (OWASP Top Ten), advanced attack techniques, and mitigation strategies.
• Proven capability to develop and implement secure software development lifecycle (SDLC) processes and integrate security into DevOps and CI/CD practices.
• Expertise in cloud security concepts and practices, with practical experience in cloud-native environments (e.g., AWS, Azure, GCP).
• Strong scripting or programming abilities for automation and tooling (e.g., Python, Bash, PowerShell).
• Equal employment opportunity
• Work environment free of discrimination and harassment
• Opportunities for innovation and sharing ideas