Application Security Engineer

About the Role

We are looking for a highly skilled Application Security Engineer to strengthen our security posture across products and platforms. The role involves working with industry-leading tools such as Checkmarx, Zafran, ThreatModeler, and Qualys to proactively identify, assess, and mitigate security risks.

You will collaborate closely with development, DevOps, cloud, and architecture teams to implement secure coding practices and integrate security throughout the SDLC.

Key Responsibilities

• Perform SAST scans using Checkmarx; analyze vulnerabilities and coordinate remediation with development teams.
• Use Zafran for advanced code analysis and automated security insights.
• Build, update, and maintain threat models using ThreatModeler to ensure secure application design.
• Conduct vulnerability scanning and compliance assessments using Qualys.
• Integrate AppSec tools into CI/CD pipelines and automate routine security checks.
• Conduct manual code reviews, threat assessments, and risk evaluations.
• Provide security guidance to engineering teams and lead secure coding initiatives.
• Document vulnerabilities, remediation plans, and best practices.

Required Skills & Qualifications

• Strong understanding of Application Security, OWASP Top 10, and secure coding standards.
• Hands-on experience with:
• Checkmarx (SAST)
• Zafran security scanning/analysis tools
• ThreatModeler (Threat Modeling)
• Qualys (Vulnerability Management & Compliance)
• Experience working with CI/CD pipelines (Jenkins, GitHub Actions, GitLab CI, Azure DevOps, etc.).
• Knowledge of API security, cloud environments (AWS/Azure/GCP), and DevSecOps principles.
• Ability to interpret complex security issues and communicate them clearly.