Application Security Engineer

Job Title: Application Security Engineer Experience: 5+ Years Employment Type: Full-time Department: Information Security / Engineering Job Summary: We are seeking a skilled and proactive Application Security Engineer to join our growing security team. This role involves conducting in-depth security assessments, embedding security practices into the SDLC, and collaborating with cross-functional teams to secure applications and systems. The ideal candidate has a solid foundation in application security, strong technical acumen, and experience working in Agile and DevOps environments. Key Responsibilities: Conduct comprehensive security assessments of web and mobile applications, analyzing source code, architecture, and deployment configurations. Integrate security best practices into the Software Development Life Cycle (SDLC) and guide developers on secure coding standards. Perform static code analysis, dynamic application testing, and penetration testing using industry-standard tools. Investigate and respond to security incidents, assisting in root cause analysis and remediation strategies. Prepare and maintain documentation such as security requirements, design documents, and security testing reports. Assist in the design and implementation of security controls to safeguard sensitive data and business-critical systems. Monitor emerging security threats and suggest improvements based on industry trends and best practices. Support and advise developers, architects, and business stakeholders on application security risks and mitigations. Participate in internal audits, compliance checks, and security reviews to ensure alignment with standards and policies. Evaluate third-party components, services, and vendors to assess their security posture. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or related field. 5+ years of experience in application security with hands-on experience using security testing tools and techniques. Deep understanding of web and application security, including OWASP Top 10 and secure coding practices. Experience with tools like Burp Suite, OWASP ZAP, SonarQube, Checkmarx, and Snyk. Proficiency in at least one programming language such as Java, Python, or JavaScript. Knowledge of Agile/DevOps environments and the integration of security into CI/CD pipelines. Strong analytical, problem-solving, and communication skills. Relevant certifications such as CISSP, CEH, CASE (Java), or equivalent are preferred. Ability to work independently in fast-paced environments and manage multiple priorities. Desired Skills: Familiarity with cloud security concepts and IAM across AWS, Azure, or GCP. Experience with container security for platforms like Docker and Kubernetes. Understanding of authentication mechanisms (e.g., OAuth 2.0, JWT) and encryption standards. Participation in bug bounty programs, Capture the Flag (CTF) competitions, or open-source contributions in the security space. Experience with scripting languages (e.g., Bash, PowerShell) for automation of security processes. Why Join Us? Be part of a mission-driven organization focused on building secure and resilient software systems. We offer the opportunity to work with cutting-edge technologies, shape enterprise security practices, and make a real impact.