Application Security Engineer

We are seeking a highly skilled and motivated Application Security Engineer to join our cybersecurity team. This role is critical in designing and implementing a robust DevSecOps model, integrating Secure Software Development Lifecycle (SSDLC) practices, and conducting application penetration testing prior to production releases. The ideal candidate will work closely with development, DevOps, and product teams to embed security into every phase of the software lifecycle.

RESPONSIBILITIES

DevSecOps Integration:

• Design and implement automated security controls within CI/CD pipelines.

• Integrate SAST, DAST, SCA, and container security tools.

• Collaborate with DevOps to ensure secure deployment practices.

SSDLC Implementation:

• Define and enforce security checkpoints across the SDLC.

• Develop secure coding guidelines and conduct developer training.

• Perform threat modeling and risk assessments during design phases.

Application Security Testing:

• Conduct manual and automated penetration testing for web, mobile, and API-based applications.

• Identify vulnerabilities and provide actionable remediation guidance.

• Validate fixes and ensure secure go-live readiness.

Security Governance & Compliance:

• Maintain security documentation and ensure alignment with industry standards (OWASP, NIST, ISO).

• Support internal and external audits related to application security.

• Bachelor’s or master’s degree in computer science, Cybersecurity, or related field.

• 3+ years of experience in application security, DevSecOps, or penetration testing.

• Strong understanding of CI/CD tools (Jenkins, GitLab, Azure DevOps, etc.).

• Hands-on experience with security tools: Burp Suite, OWASP ZAP, SonarQube, Checkmarx, Fortify, etc.

• Familiarity with cloud platforms (AWS, Azure, GCP) and container security (Docker, Kubernetes).

• Certifications such as OSCP, GWAPT, CSSLP, or CEH are a plus.

• Excellent communication and collaboration skills.