7+ years of hands-on experience in application security, with a strong focus on vulnerability scanning, remediation, and secure SDLC integration.
Expertise in Veracode and Netsparker (or equivalent SAST/DAST tools) including configuration, scan execution, result interpretation, and remediation guidance.
Proven experience in automating security testing in CI/CD environments using tools like Jenkins, Azure DevOps, GitHub Actions, or CloudBees.
Strong understanding of OWASP Top 10, common web application vulnerabilities (e.g., SQLi, XSS, CSRF, SSRF, IDOR), and secure coding standards.
Experience with Java, .NET, C#, Spring Boot, React, REST APIs, Microservices, and cloud platforms (AWS, Azure).
Familiarity with security compliance frameworks such as ISO 27001, ISO 27701, PCI-DSS, HIPAA, and SOC 2.
Excellent communication skills able to explain technical risks to non-technical stakeholders and guide developers through remediation.
Bachelors degree in Computer Science, Information Security, or related field (Masters preferred).

Security Engineer