Senior Application Security Engineer

Summary

Join our leading global security authority as a Senior Application Security Engineer and play a crucial role in safeguarding our web applications. Integrate security practices into the Software Development Life Cycle (SDLC), proactively identifying, assessing, and mitigating security vulnerabilities. Develop and drive the adoption of DevSecOps practices, ensuring security is embedded in all phases of software development. This remote position requires leading security integration into the SDLC, conducting security assessments and penetration testing, advising on application design, performing code reviews, and leading threat modeling. You will collaborate with development teams, contribute to security tooling, develop secure deployment frameworks, and work cross-functionally to communicate security policies. Stay updated on security threats and technologies, assist in policy development, manage the bug bounty program, and develop program documentation. Mentor junior team members and support leadership in defining and executing the DevSecOps roadmap.

Requirements

• Bachelor’s or master’s degree in computer science, cybersecurity, or a related field
• Professional security certifications such as CISSP, OSCP, CEH, or equivalent are highly desirable
• 5+ years of experience in cybersecurity, with a focus on web application security and secure SDLC
• Experience with red team implementation and methodologies
• Proven track record of working with DevSecOps tools (such as SAST/DAST/SCA) and methodologies
• Strong understanding of security protocols, cryptography, authentication, authorization, and security vulnerabilities
• Proficiency with programming/scripting languages such as JavaScript, Python, Java, Bash, PowerShell
• Excellent communication skills with the ability to engage technical and non-technical stakeholders
• Strong analytical and problem-solving abilities, with a meticulous attention to detail
• Advanced level of knowledge of Information Security design concepts and principles

Responsibilities

• Lead the integration of security measures into the SDLC, ensuring that all aspects of web application development are secure by design
• Conduct thorough security assessments and penetration testing for web applications to identify vulnerabilities and security gaps
• Play an advisory role with software engineering teams in the architectural design of new applications, emphasizing secure architectural patterns and best practices
• Perform and coordinate manual and automated code reviews
• Lead threat modeling exercises across engineering teams
• Collaborate with software development teams to implement DevSecOps practices, providing guidance on secure coding, automated security testing, and continuous monitoring
• Contribute to internal security tooling development or integration
• Develop and maintain a secure framework for code deployment, automating security processes where possible to streamline the development workflow
• Work cross-functionally with various teams, including IT, engineering, operations, and business units, to communicate security policies and procedures effectively
• Establish and maintain strong relationships with stakeholders, presenting complex security concepts in an accessible manner
• Stay abreast of the latest security threats, trends, and technologies in web application security and incorporate this knowledge into company practices
• Assist in the development and enforcement of security policies and procedures, ensuring compliance with industry standards and regulations
• Assist with managing bug bounty program
• Develop program documentation to promote operational stability and scalability
• Support Leadership in defining and executing the roadmap for DevSecOps maturity and secure SDLC initiatives
• Support governance and compliance teams on secure engineering practices for aligning security policies related to SDLC
• Drive and support security identified remediation efforts
• Foster and promote a security-forward culture
• Mentor junior team members
• Other duties and responsibilities, as assigned

Preferred Qualifications

• Master's degree in a technical discipline
• Experience working in highly regulated environments
• Advanced level of knowledge of IT frameworks and standards (NIST, OWASP Top Ten, COBIT, ITIL, ISO, PCI-PIN, GDPR, WebTrust, FedRAMP)
• Certified Information Systems Auditor (CISA)
• AWS Solutions Architect

Benefits

• Provident Fund
• Medical Aid + Gap Cover
• Employee Assistance Program
• Gym Reimbursement
• Life Insurance
• Disability Insurance
• Sabbatical