Application Security Engineer

Job Summary

We are looking for a motivated Application Security Engineer with hands-on experience in Veracode and basic knowledge of secure development practices. The role involves supporting the setup, integration, and daily operations of application security scanning within CI/CD pipelines. You will work closely with development and security teams to ensure vulnerabilities are identified, tracked, and remediated.

Key Responsibilities

• Identify applications, repositories, and pipelines that require security scanning.
• Assist with creating Veracode accounts and configuring user access.
• Run initial scans and help establish a security baseline.
• Support Veracode integration with CI/CD tools (Jenkins, Azure DevOps, GitHub).
• Help configure scanning policies, thresholds, and automated workflows.
• Guide developers on reading Veracode reports and addressing findings.
• Work with security champions to manage basic policy updates and triage issues.
• Maintain documentation for scan setup, scheduling, and reporting.
• Track open vulnerabilities and support SLA adherence.
• Assist in feeding findings into tools like ServiceNow.
• Monitor ongoing scans and ensure they run across all required pipelines.
• Support the operations team with basic admin tasks and troubleshooting.

Qualifications

• 14 years of experience in Application Security or DevSecOps.
• Basic hands-on experience with Veracode (SAST/DAST).
• Familiarity with CI/CD tools (Azure DevOps, Jenkins, GitHub).
• Understanding of secure coding concepts and vulnerability remediation.
• Good communication and documentation skills.