This is a remote position.
We are seeking a skilled Application Security Engineer to drive secure development practices and manage end-to-end application security testing, vulnerability management, and DevSecOps integration. The role requires hands-on experience in SAST/DAST tools, vulnerability scanning, CI/CD security integration, and manual security testing across web and API-based applications.
· Perform application security assessments for web and API applications
· Integrate security into Secure SDLC (SSDLC) and DevSecOps pipelines
· Conduct threat modeling and security design reviews
· Execute vulnerability scans using tools like Tenable
· Analyze results from SAST, DAST, and manual testing
· Document findings including severity, exploitability, reproduction steps, and remediation guidance
· Integrate and maintain SAST/DAST tools within CI/CD pipelines
· Perform vulnerability validation, PoC development, and false-positive analysis
· Apply risk-based prioritization and track remediation to closure
· Provide L2/L3 support, incident investigation, and root cause analysis (RCA)
· Maintain AppSec documentation, audit evidence, and compliance reports
· Track and report vulnerability metrics, scan coverage, and remediation status
· Strong experience in Application Security (Web & API Security Testing)
· Expertise in OWASP Top 10 vulnerabilities and remediation techniques
· Hands-on experience with SAST tools (Checkmarx, Veracode, SonarQube)
· Hands-on experience with DAST tools (Burp Suite, OWASP ZAP)
· Experience with vulnerability scanning tools (Tenable preferred)
· Knowledge of Secure SDLC and DevSecOps practices
· Strong understanding of HTTP, REST APIs, authentication (OAuth, JWT)
· Proficiency in Python / Bash / PowerShell scripting
· Experience with CI/CD tools and pipeline security integration
· Familiarity with JIRA / ServiceNow or similar tracking tools
· Experience in manual penetration testing and exploit development
· Exposure to red team techniques and offensive security testing
· Experience in cloud environments (AWS / Azure / GCP)
· Knowledge of container and microservices security (Docker, Kubernetes)
· Experience supporting SOC 2, ISO 27001, or similar audits
· OSCP / OSWE / GWAPT / eWPT
· CEH (Certified Ethical Hacker)
· CISSP / CSSLP
· AWS Security Specialty / Azure Security Engineer
· Certified Kubernetes Security Specialist (CKS)
· Strong analytical and problem-solving skills
· Excellent communication and collaboration with engineering teams
· Ability to work in SLA-driven environments
· Detail-oriented with strong documentation skills