Gemicle

Senior Application Security Engineer

Product

Our client is a global leader in AI-powered IT Service Management (ITSM), developing intelligent platforms that automate IT support processes and help organizations operate more efficiently. Their solutions are trusted by thousands of companies worldwide, simplifying complex IT operations and enabling teams to focus on strategic initiatives.

We are looking for a Senior Application Security Engineer with a strong software engineering background who has designed, developed, deployed, and maintained production systems before transitioning into application security. This role will serve as the security backbone of the R&D organization, ensuring security is embedded throughout the software development lifecycle and partnering closely with Engineering, DevOps, Architecture, and Product teams.

This is a highly visible, hands-on position reporting directly to the CISO, offering a clear growth path toward an Application Security Lead role and exposure to cloud security, AI security, and governance initiatives.

 

Who We're Looking For

  • 5+ years of hands-on experience as a Software Developer, Backend Developer, Full-Stack Developer, or similar engineering role, with a proven track record of designing, building, shipping, debugging, and maintaining production software.
  • Strong understanding of software development processes, engineering best practices, architecture, and SDLC methodologies.
  • 2+ years of experience in Application Security, Product Security, or Secure SDLC, with a demonstrated transition from software engineering into security.
  • Experience partnering closely with R&D and development teams, acting as a trusted security advisor who enables innovation while improving security posture.
  • Hands-on experience implementing Secure SDLC practices within modern CI/CD environments (GitHub, GitLab, Jenkins, ArgoCD, or similar).
  • Solid understanding of common application vulnerabilities, secure coding principles, OWASP Top 10, CWE/SANS Top 25, threat modeling methodologies (e.g., STRIDE, PASTA), and security architecture reviews.
  • Experience with application security tools and practices, including SAST, DAST, SCA, secret scanning, and secure code review.
  • Strong knowledge of API security and experience securing and testing REST and/or GraphQL APIs.
  • Understanding of software supply chain security, including third-party dependency risks, SBOM concepts, open-source risk management, dependency confusion, and related attack vectors.
  • Knowledge of cloud security fundamentals, preferably AWS, including IAM, containers/Kubernetes security, and Infrastructure as Code (Terraform or similar).
  • Familiarity with SaaS and product company environments and the security challenges associated with cloud-native applications.
  • Understanding of AI/LLM security risks, including prompt injection, data leakage, model abuse, agentic risks, and secure adoption of AI assistants within engineering and security workflows.
  • Experience performing security-focused design, architecture, and threat modeling reviews.
  • Excellent communication and stakeholder management skills, with the ability to influence teams without direct authority.
  • Strong written and verbal English communication skills.
  • Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent practical experience).

     

Role Focus

The primary focus of this role is the application security of the product.

 

Key responsibilities:

  • Working closely with R&D teams on a daily basis.
  • Helping developers build more secure products and adopt security best practices.
  • Reviewing application designs and architectures from a security perspective.
  • Identifying security risks in APIs, integrations, third-party libraries, and development processes.
  • Managing vulnerabilities by analyzing, prioritizing, and supporting remediation efforts.
  • Promoting and maintaining secure development practices across CI/CD pipelines.
  • Applying and advocating security standards, frameworks, and industry best practices.

     

Nice to Have

  • Penetration testing experience.
  • Experience with bug bounty programs and vulnerability management.
  • Strong knowledge of OWASP frameworks and methodologies.
  • Hands-on experience with SAST, DAST, IAST, SCA, and secret-scanning tools.
  • Cloud security experience (AWS, Azure, or GCP).
  • AI / LLM security knowledge and practical experience.
  • Security certifications such as CISSP, CSSLP, OSCP, OSWE, GWAPT, GPEN, CEH, GIAC certifications, or similar.

Required languages

English B2 - Upper Intermediate
Ukrainian Native
Published 24 June