Application Security Engineer

Join our dynamic team at Strategy as an Application Security Engineer and contribute significantly to the protection of our software applications by utilizing modern security practices and AI technologies. In this role, you will be instrumental in incorporating security measures throughout the software development lifecycle to ensure the robustness of our software products against potential vulnerabilities. Your responsibilities will include: Secure SDLC Integration: Collaborate closely with development teams to embed security practices into the software development lifecycle, encompassing threat modeling, secure code reviews, and security testing. Vulnerability Management: Identify, assess, and address security vulnerabilities through static and dynamic application security testing (SAST/DAST) as well as software composition analysis (SCA) tools. Security Assessments & Penetration Testing: Conduct both manual and automated penetration testing of web, mobile, and cloud applications to identify security weaknesses. Secure Code Review: Scrutinize source code and offer security recommendations to developers to ensure compliance with secure coding best practices. Threat Modeling & Risk Analysis: Perform threat modeling to predict potential attack vectors and enhance security architecture. DevSecOps Enablement: Support and enhance DevSecOps initiatives by integrating security automation into CI/CD pipelines. Incident Response & Remediation: Aid in investigating security incidents related to applications and collaborate with engineering teams to mitigate threats. Security Awareness & Training: Educate and guide developers on OWASP Top 10, SANS 25, and other security best practices. As an Application Security Engineer at Strategy, you will be based in Pune, India, working full-time in person from the Strategy Office a minimum of 4 days per week. Qualifications: - Bachelor's degree in Computer Science, Engineering, or related field - Minimum 2 years of software development or software security experience in an agile environment - Proficiency with SAST, DAST, IAST, and SCA tools (e.g., Checkmarx, Fortify, Veracode, SonarQube, Burp Suite, ZAP) - Fluency in one or more programming languages like Python, Java, JavaScript - Strong understanding of secure coding principles and application security frameworks - Knowledge of security tools, standards, and regulations (e.g., OWASP, NIST) - Experience with Generative AI and/or ML for innovative applications and cloud security best practices in AWS, Azure, or GCP - Strong work ethic, effective collaboration skills, and ability to communicate technical concepts clearly Please note that the recruitment process includes online assessments as the initial step (English, logic, design, technical), which will be sent via email. Kindly check your inbox, including the spam folder, for these assessments.,