We are seeking a highly skilled and proactive Senior Application Security Engineer to join our growing security team.
You will be responsible for securing our applications throughout the software development lifecycle (SDLC). This includes
- identifying vulnerabilities,
- working with development teams to remediate risks, and
- implementing security best practices and tools to ensure our applications are robust, secure, and compliant with relevant standards.
Responsibilities:
Perform manual and automated security assessments of web, mobile, and cloud applications
Collaborate with development and engineering teams to embed security into SDLC (DevSecOps)
Conduct secure code reviews, threat modeling exercises, and risk assessments to identify security weaknesses in application design.
Implement and manage application security tools (SAST, DAST, SCA, IAST)
Design and enforce security policies, standards, and procedures for application development
Monitor, triage, and respond to application-layer vulnerabilities and incidents
Work closely with QA and engineering teams to drive security testing and fix validation
Lead the Incident Response effort for application-related security events.
Stay current on the latest security threats, vulnerabilities, and industry's best practices
Conduct developer training and promote a security-first culture within engineering
Cross-train team members on Application Security principles.
Actively participate in the broader corporate security efforts, including infrastructure security, end-user training, and vulnerability management.
Rquirements:
Overall 8+ years of experience
Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
5+ years in application security, secure software development, and penetration testing.
Strong understanding of web technologies (HTML, JavaScript, Python, REST APIs, etc.).
Experience with security tools for code security, bug bounty programs, and the ability to integrate them into CI/DC pipelines for automated security testing.
Familiarity with OWASP Top 10, SANS Top 25, CWE, CVE, and secure coding practices.
Knowledge of cloud environments (AWS, Azure, GCP) and their security features.
Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.
Preferred Qualifications:
Industry certifications such as CSSLP, GWAPT, OSCP, or CEH
Experience with container security and CI/CD pipeline integration
Familiarity with regulatory and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS)
Prior experience working in agile, DevOps, or fast-paced development environments
Diese Cookies sind für das Funktionieren der Website erforderlich und können in unseren Systemen nicht abgeschaltet werden. Sie können Ihren Browser so einstellen, dass er diese Cookies blockiert, aber dann könnten einige Teile der Website nicht funktionieren.
Sicherheit
Benutzererfahrung
Zielgruppenorientierte Cookies
Diese Cookies werden über unsere Website von unseren Werbepartnern gesetzt. Sie können von diesen Unternehmen verwendet werden, um ein Profil Ihrer Interessen zu erstellen und Ihnen an anderer Stelle relevante Werbung zu zeigen.
Google Analytics
Google Ads
Wir benutzen Cookies
🍪
Unsere Website verwendet Cookies und ähnliche Technologien, um Inhalte zu personalisieren, das Nutzererlebnis zu optimieren und Werbung zu indvidualisieren und auszuwerten. Indem Sie auf Okay klicken oder eine Option in den Cookie-Einstellungen aktivieren, stimmen Sie dem zu.
Die besten Remote-Jobs per E-Mail
Schliess dich über 5'000+ Personen an, die wöchentlich Benachrichtigungen über Remote-Jobs erhalten!
