Senior Application Security Engineer

Job Title: Senior Application Security Engineer

Location: Trivandrum/Hyderabad

Experience Range: 4+ yrs

The Senior Application Security Engineer is a hands-on role focused on application development security. This role requires a broad, deep level of technical expertise and information security experience. The Senior Application Security Engineer collaborates with staff developers, Information Technology, business users, and Information Security to assess and manage static and dynamic code analysis initiatives; design, select and deploy technical controls to meet security and business requirements; and implement secure software engineering processes, standards, and tools. The Senior Application Security Engineer is a mentor to security team members from an application standpoint.

Desired experience and skills

• Minimum 4 years of Application Security experience

• 1-2 years AppDev experience preferred (C# or Java preferred)

• Understanding of OWASP Top 10 and CVE/SANS Top 25

• Experience with code scanning tools for SAST/DAST/SCA

• Able to communicate complex AppSec concepts to developers of different levels

• Knowledge of compliance controls (SOX, PCI, GDPR, etc.)

• Experience or Knowledge in API Penetration Testing

• Experience or Knowledge in Application Security Testing of Thick Client Applications

• Understanding of AppSec in Mobile Penetration Testing (iOS, Android)

• Understanding of AppSec in WebPenetration Testing

• Knowledge of OWASP SAMM or BSIMM industry maturity models (preferred)

• Experience in integrating AppSec tools and practices into an enterprise DevOps environment or CI/CD pipeline (Azure DevOps preferred) DevSecOps

• Understanding of AppSec in a cloud native environment (preferred)