Identify vulnerabilities, work with development teams to remediate risks.
Implement security best practices and tools to ensure compliance with relevant standards.
Perform manual and automated security assessments of web, mobile, and cloud applications.
Collaborate with development and engineering teams to embed security into SDLC (DevSecOps).
Conduct secure code reviews, threat modeling exercises, and risk assessments.
Implement and manage application security tools (SAST, DAST, SCA, IAST).
Design and enforce security policies, standards, and procedures for application development.
Monitor, triage, and respond to application-layer vulnerabilities and incidents.
Work closely with QA and engineering teams to drive security testing and fix validation.
Lead the Incident Response effort for application-related security events.
Stay current on the latest security threats, vulnerabilities, and industry's best practices.
Conduct developer training and promote a security-first culture within engineering.
Cross-train team members on Application Security principles.
Participate in broader corporate security efforts, including infrastructure security and vulnerability management.

Overall 8+ years of experience
Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
5+ years in application security, secure software development, and penetration testing.
Strong understanding of web technologies (HTML, JavaScript, Python, REST APIs, etc.).
Experience with security tools for code security, bug bounty programs, and the ability to integrate them into CI/DC pipelines for automated security testing.
Familiarity with OWASP Top 10, SANS Top 25, CWE, CVE, and secure coding practices.
Knowledge of cloud environments (AWS, Azure, GCP) and their security features.
Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.

Senior Application Security Engineer

Key skills