Senior Application Security Engineer

This is a fully remote position, open to applicants in India.

📋 Description

• Identify vulnerabilities and collaborate with development teams to address risks.

• Apply security best practices and utilize tools to ensure adherence to relevant standards.

• Conduct both manual and automated security evaluations of web, mobile, and cloud applications.

• Work in partnership with development and engineering teams to integrate security into the software development lifecycle (DevSecOps).

• Execute secure code reviews, engage in threat modeling exercises, and carry out risk assessments.

• Implement and oversee application security tools such as SAST, DAST, SCA, and IAST.

• Develop and enforce security policies, standards, and procedures for application development.

• Monitor, triage, and address application-layer vulnerabilities and incidents.

• Collaborate closely with QA and engineering teams to lead security testing and validate fixes.

• Spearhead the Incident Response efforts for security events related to applications.

• Keep up-to-date with the latest security threats, vulnerabilities, and industry best practices.

• Provide training for developers and foster a security-first culture within the engineering team.

• Cross-train team members on principles of Application Security.

• Engage in broader corporate security initiatives, including infrastructure security and vulnerability management.

⛳️ Requirements

• A minimum of 8 years of overall experience.

• Bachelor's degree in Computer Science, Cybersecurity, or a related discipline (or equivalent experience).

• At least 5 years of experience in application security, secure software development, and penetration testing.

• Strong grasp of web technologies, including HTML, JavaScript, Python, and REST APIs.

• Experience with security tools for code security, bug bounty programs, and the ability to integrate them into CI/CD pipelines for automated security testing.

• Familiarity with OWASP Top 10, SANS Top 25, CWE, CVE, and secure coding practices.

• Understanding of cloud environments such as AWS, Azure, and GCP, along with their security features.

• Excellent communication and interpersonal skills, with the ability to collaborate effectively with both technical and non-technical stakeholders.

🏝️ Benefits

• Competitive salary and performance-based bonuses.

• Comprehensive health, dental, and vision insurance.

• Generous paid time off and flexible working hours.

• Opportunities for professional development and training.

• Supportive work environment that promotes work-life balance.