APPLICATION SECURITY ENGINEER
Overview:
We are working on behalf of our client, a leading global financial organization, to recruit a Senior Application Security Engineer. This role offers the opportunity to work closely with development teams to ensure application security across the organization's global operations while contributing to the continuous improvement of secure software practices.
Role Description:
The Application Security Engineer will be responsible for identifying, assessing and mitigating application vulnerabilities. The role requires a strong development background, the ability to read and explain code deficiencies and experience guiding remediation efforts across multiple programming and scripting languages. The successful candidate will act as a subject matter expert, collaborating with security and development teams to uphold organizational security standards. This role reports to the Head of Application Security.
Key Responsibilities:
* Work closely with developers to review code, explain vulnerabilities and ensure issues are resolved prior to production release.
* Conduct and manage assessments using SAST, SCA, DAST, IAST and container security tools.
* Collaborate with security architecture and vulnerability management teams to ensure vulnerabilities are reported, validated and remediated according to SLAs.
* Contribute to the development and maturation of CI/CD pipelines to integrate security controls and automated vulnerability detection.
* Publish and present management reports on the state of the Application Security program across the organization.
* Perform manual testing to validate vulnerabilities or penetration testing findings.
* Occasionally support projects outside normal working hours, including evenings or weekends, based on business needs.
Qualifications and Skills:
* 7+ years of experience as an Application Security Analyst or Application Penetration Testing Analyst.
* Strong programming skills in C#, C++, Java, Python and .Net, with the ability to read and interpret code vulnerabilities.
* Experience writing code fixes and automation scripts to support internal cybersecurity initiatives.
* 4+ years of experience with SAST or DAST; 2+ years with container security technologies.
* Comprehensive understanding of Secure Software Development Lifecycle (SSDLC) practices.
* Strong knowledge of OWASP Top 10, CWE and common software threats and mitigations.
* Detail-oriented with experience creating process documentation.
* Familiarity with Jira and Confluence.
* Bonus: Bug bounty program or penetration testing experience.
* Excellent verbal and written communication skills with the ability to convey technical information clearly to multiple stakeholders.
* Self-motivated, disciplined and able to prioritize multiple tasks and projects effectively.
* Ability to demonstrate leadership within a team and take accountability for outcomes.