Senior Application Security Engineer

Role Summary:

The Senior Application Security Engineer is responsible for ensuring the security of an organizations products throughout their lifecycle. This role also consults with security adjacent stakeholders and business units to provide suggestions, education, guidance and feedback from a security perspective.

Experience Range: 5-7 yrs

• Risk Assessment and Mitigation: Perform threat modelling application design solutions and vulnerability assessments to identify relevant risks, security gaps or risks in product design and development.
• Secure Development Practices: Implement security tooling and automation to scale the Application Security teams practices. Advocate for and integrate security best practices in the Software Development Lifecycle (SDLC). Conduct code reviews, penetration testing, and static/dynamic analysis. Ensure compliance with industry standards (e.g., AICPA SOC2, HIPAA, PCI DSS, SOX ISO 27001, NIST CSF).
• Security Architecture and Development: Working with product and engineering teams to design, program development, software development and implement security controls and protections within the product via automation. This task ensures the product is built with security in mind from the ground up. Integrate security tools and technologies into the CI/CD pipeline (e.g., static and dynamic application security testing (SAST/DAST), software composition analysis (SCA), and infrastructure-as-code (IaC) scanning).
• Planning, Collaboration and Training: Product roadmap planning with key stakeholders, collaboration with cross functional teams to develop mitigation strategies. Working closely and mentor Product, Engineering, and IT teams for security best practices. Provide security training and awareness for developers and stakeholders.
• Compliance and Reporting: Maintain documentation of security controls and processes. Prepare reports on security risks and mitigation efforts for management and regulatory bodies. Audit source code and perform code review for critical application changes

In short, the key skillsets we are looking is:

• Threat Modelling, Penetration testing, Security design, DevSecOps, code review

You Thrive Here By Possessing the Following:

• 5+ years of experience in an application security role.
• Bachelors degree in Computer Science, Cybersecurity, or a related field.
• Experience leading architectural changes or complex cross team efforts to mitigate security vulnerabilities.
• Strong understanding of:
• Threat modelling methodologies such as MITRE ATT&CK, STRIDE, and PASTA;
• Amazon AWS Services, MS Azure and their capabilities;
• Securing web applications;
• Orchestration tools (ex. Anisible, Terraform).
• Experience with frameworks such as OWASP Top 10, SAST/DAST tools, and CI/CD pipelines.
• Fluency in Python, React, and Django Rest Framework.
• Experience with manual source code review, and embedding security to code in production environments.
• Experience with deploying application security tools in the CI/CD pipeline.
• Experience with securing software development lifecycle including building programs. that eliminate full classes of vulnerabilities.
• Excellent communication and interpersonal skills.
• Ability to work independently and within a team.
• Strong organizational and time-management abilities.

Preferred Qualifications

• Certifications such as CISSP, CSSLP, CEH, or equivalent.
• Experience in IoT, embedded systems, or mobile app security.
• Knowledge of regulatory and compliance standards (e.g., AICPA SOC2, NIST CSF, GDPR, HIPAA)