Application Security Engineer

Job Summary:

A Security Engineer will be responsible for ensuring the security and privacy of the company's products and services. This role will be vital to shaping the company's security strategy by working closely with development teams to identify, evaluate, and mitigate potential security risks, and to ensure that all products are designed, built, and deployed with security as a critical consideration.

Roles and Responsibilities:

1. Embed security in all products and services, including architecture, development, deployment, and maintenance, through the SSDLC program.
2. Perform threat modeling, security reviews, code assessments, penetration testing, and overall application security evaluations.
3. Develop and implement security policies, standards, and guidelines to secure product development processes.
4. Identify and mitigate security risks across the product life cycle with practical solutions.
5. Continuously enhance the organization's security posture through technical improvements and process optimization.
6. Assist in incident response and support vulnerability remediation efforts with technical expertise.
7. Stay informed about emerging security threats and technologies, and integrate improvements into the application security strategy.
8. Drive the adoption of shift-left security practices to ensure security is considered early in the development process.
9. Collaborate with DevOps and IT teams to integrate security into the CI/CD pipeline and drive security automation initiatives such as SAST, DAST, and IAST.
10. Measure and improve security maturity using frameworks such as the DevSecOps Maturity Model.
11. Ensure compliance with industry standards and regulations, including ISO 27001, GDPR, and PCI DSS.
12. Promote security awareness across development teams and establish secure coding practices through continuous education.

Experience & Skills:

1. Strong understanding of security principles and methodologies, with experience securing systems at scale.
2. Proficiency in application security engineering, vulnerability assessments, and incident response.
3. Expertise in web, mobile, and cloud security and familiarity with tools like OWASP and SANS frameworks.
4. Mobile Application Testing, API Security Testing, Web Application Testing, Cloud Security
5. Strong problem-solving skills with the ability to address complex security issues.
6. Excellent communication and collaboration skills, with experience working across development and operations teams.
7. Expertise in ISO/IEC 27001, ISO 27017, ISO 27018, SOC 2, and PCI DSS is highly desirable.