Job Summary
We are seeking a highly motivated Application Security Engineer to join our security team. The ideal candidate will have hands-on experience in conducting security assessments for web, mobile, and thick client applications, as well as reviewing source code for vulnerabilities. This role involves close collaboration with development teams to ensure applications are secure by design and compliant with best practices.
Key Responsibilities
- Conduct security assessments of web, mobile, thick client applications, and APIs.
- Perform source code reviews and software composition analysis (SCA) to identify vulnerabilities.
- Collaborate with development and DevOps teams to remediate identified vulnerabilities.
- Develop, enhance, and maintain security testing scripts, tools, and frameworks.
- Stay abreast of the latest security threats, vulnerabilities, and industry best practices.
- Prepare detailed technical reports, including findings, risk analysis, and recommended remediation steps.
- Assist in integrating security testing into the SDLC and CI/CD pipelines.
Required Skills & Qualifications
- 3-5 years of hands-on experience in Application Security / Penetration Testing.
- Strong understanding of web, mobile, and thick client application security principles.
- Proficiency with security assessment tools such as Burp Suite, OWASP ZAP, Checkmarx, Veracode, or similar.
- Good knowledge of secure coding practices and common vulnerabilities (OWASP Top 10, SANS 25, CWE, CVE).
- Experience with static and dynamic analysis tools (SAST/DAST) and open-source scanning tools.
- Excellent analytical, problem-solving, and communication skills.
- Strong attention to detail and ability to work independently as well as in a team environment.
Preferred Certifications
- CISSP (Certified Information Systems Security Professional)
- CISA (Certified Information Systems Auditor)
- OSCP (Offensive Security Certified Professional)
- CEH (Certified Ethical Hacker)
- CompTIA Security+