Application Security Engineer

Key Responsibilities:

• Collaborate with development teams to integrate security controls into the software development lifecycle (SDLC).
• Conduct regular security assessments, including code reviews, vulnerability scans, and penetration testing, to identify and remediate security vulnerabilities in applications.
• Design and implement security solutions to protect against common security threats, such as SQL injection, cross-site scripting (XSS), and authentication bypass.
• Conduct threat modeling and architecture security review.
• Develop and maintain secure coding standards and guidelines for application developers.
• Monitor and analyze security incidents and provide timely response and resolution.
• Stay current with emerging threats, vulnerabilities, and industry best practices in application security.
• Participate in security incident response activities and contribute to post-incident reviews and remediation efforts.
• Collaborate with cross-functional teams to ensure security requirements are effectively integrated into product development processes.
• Deliver secured development training to developers. 

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field. 
• 5 years of experience in application security, with a focus on secure software development practices.
• Previous experience in a product company. 
• Strong understanding of web application security concepts and protocols (e.g., OWASP Top 10, SSL/TLS, OAuth).
• Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, or Nessus.
• Proficiency in programming languages such as Ruby, Python, or JavaScript.
• Experience with cloud security principles and best practices (e.g., AWS, Azure, GCP).
• Excellent communication skills and ability to effectively communicate security risks and recommendations to technical and non-technical stakeholders.