We are looking for an Application Security Engineer with a strong engineering mindset: someone who has built and maintained technical systems and understands how products are developed end-to-end. The ideal candidate may come from a security or product background, but must be deeply familiar with the SDLC, CI/CD pipelines, Git workflows, and modern software engineering practices. This role combines hands-on security engineering with enablement, governance, and cross-team collaboration.
The Security Engineer will drive application vulnerability management, embed security into development pipelines, and guide engineering teams in building secure-by-design applications. Strong communication skills and the ability to build trusted relationships across both technical and non-technical stakeholders are essential.
Key Responsibilities:
Application Security
- Integrate security best practices into the SDLC and operate, tune, and maintain AppSec tooling (SAST, DAST, SCA).
- Provide secure design guidance, perform secure code reviews, reproduce issues, propose fixes, and validate remediations with developers.
Cloud & Kubernetes Security
- Embed security checks in CI/CD for container images, IaC, and Helm charts, and contribute to runtime protections such as admission controls, policy-as-code, scanning, and drift detection.
- Promote secure infrastructure configurations and Kubernetes defaults (RBAC, network policies, PodSecurity, secrets handling, image provenance).
Vulnerability Management & Reporting
- Ensure CI/CD pipelines have robust, effective security coverage, and manage exception and risk-acceptance workflows.
- Maintain a consolidated vulnerability backlog with clear ownership and SLA tracking and build automated reporting using tools like Power BI or Excel/Pandas.
Enablement & Governance
- Develop secure coding standards and practical developer guidance.
- Run secure development forums, build and maintain strong relationships with engineering teams, and drive application vulnerability management through engagements and reporting.
- Act as a trusted advisor to both engineers and leadership, identifying and communicating risk clearly and persuasively.