Cyber Security Engineer ( AppSec ) IT Security

We are looking for a skilled and motivated Application Security Engineer to join our growing IT Security team. The ideal candidate will have hands-on experience in secure code review, DevSecOps integration, and working closely with development teams to embed security throughout the software development lifecycle (SDLC).

Roles and Responsibilities:

- Conduct secure code reviews to identify and remediate vulnerabilities early in the SDLC.

- Integrate security testing tools into CI/CD pipelines to enable continuous and automated application security scanning.

- Collaborate with DevOps, QA, and development teams to ensure the timely resolution of security issues.

- Perform threat modeling for new features and system designs.

- Execute application security testing, including SAST, DAST, SCA, and API security assessments.

- Participate in risk assessments and support secure architecture reviews.

- Ensure compliance with security standards and frameworks such as PCI DSS 4.0, ISO 27001:2022, and NIST CSF 2.0.

- Stay up to date with evolving application threats (e.g., OWASP Top 10, CWE Top 25).

- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.

- From 3 years of hands-on experience in application security or secure software development.

- Strong understanding of application security fundamentals and DevSecOps practices.

- Relevant certifications are a plus (e.g., GIAC GWAPT, GWEB, eWPT).

- Proficient in secure coding techniques (e.g., input validation, secure authentication, error handling).

- Familiarity with standards like OWASP ASVS, ISO 27001, and PCI DSS.

- Strong collaboration skills and ability to work with global or distributed development teams.

- Analytical thinking and excellent communication skills (written and verbal).

- Ability to travel when required to support regional business needs.