Job Title: Application Security Engineer - Code Remediation
Experience: 5-8 years
Employment Type: Contract (3 months with possibility of further extension)
About the Role: We are seeking a highly skilled Application Security Engineer - Code Remediation to join our client's growing team. This role is focused on analyzing, identifying, and remediating security vulnerabilities in both legacy and modern applications. You will work closely with development, QA, and security teams to ensure enterprise-grade security hygiene in all application codebases.
If you're passionate about writing secure code, eliminating OWASP Top 10 vulnerabilities, and securing systems end-to-end, we'd love to speak with you.
Key Responsibilities
- Analyse security vulnerability reports (SAST, DAST, penetration tests) and implement remediation strategies across:
  - Classic ASP, ASP.NET (C#), Perl, Java
  - React, JavaScript, HTML
- Perform hands-on code remediation for OWASP Top 10 issues, including:
  - SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Direct Object References, and more
- Refactor insecure SQL queries to prevent injection and enforce database-layer security.
- Configure and harden IIS servers:
  - Apply security headers, enforce HTTPS, and disable insecure modules.
- Secure SQL Server configurations and eliminate insecure deployment patterns.
- Collaborate with developers to introduce and enforce secure coding standards.
- Validate fixes through static/dynamic scanning and manual security validation.
- Document all remediation actions, accepted risks, and security changes thoroughly.
- Assist in threat modelling and risk assessments for both legacy and modern applications.
- Mentor junior developers and share best practices in secure software development.
Key Skills & Technologies
- Strong programming/debugging experience in Classic ASP, ASP.NET (C#), Perl, Java, React, JavaScript
- Deep understanding of OWASP Top 10 and secure coding principles
- Experience with static and dynamic application security testing tools (Fortify, Veracode, Burp Suite, etc.)
- Strong understanding of IIS and SQL Server security configurations
- Proficient in writing secure, parameterised SQL queries
- Familiarity with secure SDLC and CI/CD pipelines (optional but preferred)
Ideal Candidate Profile
- 4-8 years of experience in application development with at least 2 years in security-focused code remediation
- Proven experience in analysing, fixing, and testing vulnerabilities across different languages
- Strong ability to collaborate across security, QA, and development teams
- Excellent problem-solving skills and attention to detail
- Industry certifications (preferred): OSCP, CEH, CSSLP, GWAPT, or equivalent