We are looking for an Application Security Engineer to join our growing Information Security team. In this role, you’ll collaborate with development, DevOps, and security teams to help build secure software at every stage of the SDLC. Your work will directly contribute to the protection of sensitive data, systems, and client trust across our digital landscape.
Job Duties
Partner with application delivery and DevOps teams to embed security into the SDLC and perform or facilitate the following functions:
Conduct secure code reviews and perform SAST, DAST, and manual security assessments.
Perform threat modeling and risk analysis for new and existing application architectures.
Define, implement, and automate application security testing in CI/CD pipelines.
Deploy and manage tools such as Snyk, Veracode, OWASP ZAP, Burp Suite, and Checkmarx.
Provide actionable remediation guidance to developers and promote secure coding best practices.
Deliver targeted security training sessions for development and engineering teams.
Assist with incident response for application-related security events, including root cause analysis and follow-up improvements.
Monitor and ensure adherence to industry frameworks and standards (e.g., OWASP, NIST, PCI-DSS).
Define and maintain secure development policies and reference architectures.
Stay ahead of emerging threats, zero-day vulnerabilities, and innovative security solutions.
Research and recommend new tools and practices to strengthen our application security posture.
Qualifications
Education:
Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
Experience:
3-5 years of experience in application security, software development, or DevSecOps roles.