We are looking for an Application Security Engineer to join the Information Security Team.
The Application Security Engineer will work closely with software development teams, product owners, and stakeholders to design, implement, and maintain robust security practices throughout the software development lifecycle (SDLC). The Application Security Engineer will be responsible for identifying and mitigating security vulnerabilities within applications, systems, and APIs, ensuring secure coding practices, and helping to maintain compliance with relevant security standards such as OWASP Top 10, NIST, and ISO/IEC 27001.
This role will play a crucial part in strengthening the organization’s security posture, promoting security best practices, and ensuring the safety and integrity of the company’s software applications.
We expect the Application Security Engineer to:
- Conduct regular security assessments of applications, including code reviews, static/dynamic analysis, and penetration testing.
- Collaborate with development teams to design and implement security controls and integrate security into the software development lifecycle (SDLC).
- Lead and participate in the identification and remediation of security vulnerabilities in applications, APIs, and third-party services.
- Provide security guidance on secure coding practices, threat modeling, and vulnerability management to development teams.
- Implement and enforce security best practices for secure coding, API security, and encryption across application architectures.
- Stay up to date with the latest security threats, vulnerabilities, and trends, applying relevant knowledge to mitigate risks in applications.
- Develop and maintain automated security testing tools, frameworks, and processes for continuous security integration within CI/CD pipelines.
- Support risk assessments and threat modeling for new and existing applications, helping to prioritize security remediation efforts.
- Participate in incident response activities related to application security, providing expertise to investigate and remediate security breaches.
- Create and deliver security training and awareness programs for developers to promote a culture of security within the development teams.
- Support vulnerability management and remediation efforts, tracking and verifying the resolution of identified issues.
- Ensure compliance with internal security standards and external regulatory requirements (e.g., GDPR, PCI-DSS, HIPAA).
- Collaborate with cross-functional teams, including DevOps, infrastructure, and security operations, to ensure a cohesive approach to application security.