ApplicationSecurityEngineer

## Accountabilities Identify, analyze, and remediate application security vulnerabilities using modern application security posture management (ASPM) tools and related security technologies. Build, maintain, and enhance ASPM tools, rules, and automation to strengthen application security across engineering teams. Integrate security best practices into the software development lifecycle (SDLC) in close collaboration with development and platform engineering teams. Conduct manual and automated penetration testing to identify weaknesses in applications and supporting infrastructure. Lead threat modeling sessions and risk assessments for both new and existing applications to proactively address security risks. Develop, maintain, and promote secure coding standards and guidelines for engineering teams. Serve as a subject matter expert in application security, providing guidance and support to internal teams across the organization. Stay up to date with emerging security threats, vulnerabilities, attack techniques, and mitigation strategies. Contribute to the continuous improvement of security engineering processes, automation, and tooling. Requirements Minimum of 4 years of experience in application security, secure software development, or related cybersecurity engineering roles. Strong understanding of application security risks, including OWASP Top 10 and common web and system vulnerabilities. Hands-on experience with secure coding practices in languages such as Python, Go, Java, or JavaScript. Proficiency in at least one programming language (e.g., Go or Python) with willingness to learn additional technologies. Practical experience with security testing tools such as Burp Suite, OWASP ZAP, Semgrep, or equivalent solutions. Experience conducting threat modeling exercises and security risk assessments. Solid understanding of authentication and authorization protocols such as SAML, OAuth, or OIDC. Strong analytical thinking and problem-solving skills with attention to