Application Security Engineer

Key Responsibilities:

• Collaborate with development teams to integrate security controls into the software development lifecycle (SDLC)
• Conduct regular security assessments, including code reviews, vulnerability scans, and penetration testing, to identify and remediate security vulnerabilities in applications
• Design and implement security solutions to protect against common security threats, such as SQL injection, cross-site scripting (XSS), and authentication bypass
• Conduct threat modeling and architecture security review
• Develop and maintain secure coding standards and guidelines for application developers
• Monitor and analyze security incidents and provide timely response and resolution
• Stay current with emerging threats, vulnerabilities, and industry best practices in application security
• Participate in security incident response activities and contribute to post-incident reviews and remediation efforts
• Collaborate with cross-functional teams to ensure security requirements are effectively integrated into product development processes
• Deliver secured development training to developers

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field
• 5 years of experience in application security, with a focus on secure software development practices
• Previous experience in a product company
• Strong understanding of web application security concepts and protocols (e.g., OWASP Top 10, SSL/TLS, OAuth)
• Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, or Nessus
• Proficiency in programming languages such as Ruby, Python, or JavaScript
• Experience with cloud security principles and best practices (e.g., AWS, Azure, GCP)
• Excellent communication skills and ability to effectively communicate security risks and recommendations to technical and non-technical stakeholders