Application Security Engineer

We are looking for an experienced Application Security Engineer to join our cybersecurity team and drive secure development practices across the software development lifecycle. The ideal candidate has a strong background in CI/CD security tooling, application vulnerability management, and cloud security monitoring. You will play a key role in enabling developers to build secure software and protecting applications from internal and external threats.

Responsibilities

• Lead the integration of security tools into CI/CD pipelines across various environments.
• Perform root cause analysis of vulnerabilities, and partner with developers to implement tailored remediation and mitigation strategies aligned with business risk.
• Conduct regular penetration testing of web applications and APIs to identify security weaknesses and provide actionable recommendations.
• Integrate and maintain open-source SAST solutions into CI/CD workflows, and route findings to vulnerability management platforms such as DefectDojo.
• Develop and deploy custom monitoring tools to detect publicly exposed objects in AWS and Google Cloud Storage.
• Build and maintain monitoring capabilities for API Gateway activity to enhance visibility and detect suspicious behavior.
• Collaborate with DevOps and development teams to embed security best practices into infrastructure and deployment workflows.
• Support ongoing efforts to improve security posture and meet compliance and audit requirements related to secure software development.

Required Qualifications

• 4–7 years of experience in application security, DevSecOps, or product security roles.
• Proven experience with commercial SAST/SCA/DAST tools.
• Hands-on experience conducting application penetration testing and interpreting the results.
• Strong knowledge of CI/CD platforms such as GitLab CI, Jenkins, GitHub Actions, or CircleCI.
• Experience integrating SAST tools and vulnerability tracking platforms (e.g., DefectDojo) into developer workflows.
• Proficiency with cloud platforms, particularly AWS and Google Cloud, and exposure to security monitoring in cloud environments.
• Familiarity with API Gateway, cloud storage configurations, and monitoring.
• Strong scripting or automation experience using Python, Bash, or similar languages is a plus.
• Excellent communication skills, with the ability to explain technical issues to developers and leadership.