Application Security Engineer

We are looking for an Application Security Engineer to help build security into the software development lifecycle across our products and platforms.

In this role, you will work closely with Engineering, DevOps, Architecture, and Security teams to integrate security controls into development processes, identify risks early, and help teams build secure solutions without unnecessary bureaucracy.
 

Responsibilities

• Define and validate security requirements for applications, APIs, integrations, and new services.
• Participate in architecture and design reviews to identify security risks at early stages.
• Build and improve Secure Software Development Lifecycle (SSDLC) practices.
• Integrate security controls into CI/CD pipelines, including SAST, DAST, SCA, Secret Scanning, Container and IaC Scanning.
• Perform security assessments of web applications, APIs, backend services, and AI-driven solutions.
• Support development teams with remediation activities, secure coding practices, and security best practices.
• Develop security standards, baselines, templates, and engineering guidelines.
   

Requirements

• 2+ years of experience in Application Security, DevSecOps, Security Engineering, or a similar role.
• Strong understanding of SSDLC and secure development practices.
• Hands-on experience with SAST, DAST, SCA, threat modeling, and security reviews.
• Good knowledge of OWASP Top 10, OWASP ASVS, API Security, Authentication, Authorization, and Secure Design principles.
• Experience integrating security controls into CI/CD pipelines.
• Familiarity with container security and Kubernetes environments.
• Experience with Infrastructure as Code security (Terraform is a plus).
• Scripting skills in Python and/or PowerShell.
• Understanding of software supply chain security and dependency management.
• Strong communication skills and ability to work effectively with engineering teams.
   

Nice to Have

• Experience with Bug Bounty programs or CTFs.
• Experience securing AI/ML systems and services.
• Experience with Azure, AKS, GitHub Enterprise, Checkmarx, Trivy, or similar tooling.