Application Security Engineer

Application Security Engineer

Key Responsibilities:

• Conduct hands-on security testing of web applications, mobile apps, cloud environments, and APIs, identifying security vulnerabilities based on industry-standard methodologies (e.g., OWASP, SANS, NIST).
• Evaluate the risk and severity of discovered vulnerabilities using frameworks such as CVSS and document findings with clear Proof-of-Concepts (PoCs), highlighting real-world business impact and custom remediation guidance.
• Collaborate with development teams to explain vulnerabilities, answer technical queries, and recommend secure coding practices and mitigation strategies.
• Participate in research and development (R&D) initiatives, including the discovery of new attack vectors, tooling improvements, and security automation.
• Contribute to secure SDLC processes, including secure design reviews, code reviews alongside DevOps and architecture teams.
• Assist in conducting threat simulations, adversary emulation, and red team exercises when required.
• Maintain awareness of emerging threats, CVEs, and vulnerability trends affecting web, mobile, and cloud technologies.

Required Skills & Tools

• 2-3 years of hands-on experience in security testing or penetration testing across web, mobile, API, and/or network layers.
• Bachelors degree in Computer Science or a related technical field (or equivalent experience).
• Having published CVEs is considered a strong advantage.
• Solid knowledge of OWASP Top 10, MITRE ATT&CK, and Secure Coding Guidelines.
• Strong understanding of manual testing approaches — not just tool-assisted scans.
• Hands-on experience with reporting, PoC generation, and remediation consulting.
• Scripting or automation skills in Python, Bash for creating custom tools.
• Effective communication skills to interact with both technical and non-technical stakeholders.