Principal Application Security Engineer

As a highly experienced Principal, Application Security Engineer, you will play a crucial role in leading and evolving our global application security strategy. Your primary focus will be to ensure that our products and platforms are developed securely from the ground up and remain resilient in the face of an ever-changing threat landscape. Collaboration with engineering, product, DevOps, and Security teams will be key as you work to integrate security into our software development life cycle (SDLC), promote secure coding practices, and influence stakeholders and leaders throughout the organization. Your responsibilities will include developing application security strategies at a global level, designing and implementing secure applications, and consistently enhancing the SDLC process. You will conduct comprehensive security assessments, encompassing static and dynamic application security testing (SAST/DAST), threat modeling, web/mobile application and API penetration testing, and reviews of application architecture. Collaboration with various teams such as security operations, DevOps, development, networking, IT, and product teams will be essential to remediate issues and uphold a strong security posture. Additionally, you will contribute to the development and automation of security testing tools and processes, manage third-party penetration testing services, and deliver threat modeling training to development teams to bolster product security and mitigate risks. In the event of incident response (IR) activities related to application security, your assistance will be invaluable. To excel in this role, you should possess at least 7 years of experience in areas such as application security engineering, threat modeling, penetration testing, web application/API development (e.g., .NET/C#, Java, JavaScript), system administration, networking, and information security. Proficiency in web application/API testing, static code analysis, and web application vulnerability scanners is crucial. Industry certifications from reputable organizations like OffSec, SANS, or isc2 will be advantageous. Prior experience in a technical security engineering role involving mentorship or training is desirable. Effective communication skills, along with experience in presenting to both technical audiences and executive leadership, are important attributes for success in this position. This position is based in Mumbai/Bangalore and offers remote work flexibility. The ideal candidate should be able to join within 30 days. Join us in promoting United States Equal Opportunity Employment by being part of our dynamic team focused on enhancing application security and safeguarding our products and platforms.,