As an Application Security Engineer, you will play a critical role in integrating security throughout the Software Development Lifecycle (SDLC). You will work closely with Development, DevOps, Architecture, and Security teams to identify, assess, and mitigate application security risks while ensuring secure coding practices are embedded into enterprise applications. This role combines expertise in Application Security, Secure Software Development, Cloud Technologies, and DevSecOps to strengthen the organization's overall security posture and support the delivery of secure, scalable, and resilient.
Key Responsibilities
- Develop and maintain secure enterprise applications using C#, .NET, ASP.NET Core, and modern web technologies.
- Identify, analyze, and remediate application security vulnerabilities across backend and frontend systems.
- Implement secure coding practices aligned with OWASP Top 10, CWE, and industry security standards.
- Perform code reviews with a focus on security, performance, maintainability, and reliability.
- Conduct threat modeling exercises and recommend mitigation strategies for identified risks.
- Assess vulnerabilities using CVSS scoring and prioritize remediation activities based on business and security impact.
- Analyze and resolve findings from SAST, DAST, SCA, and dependency scanning tools.
- Collaborate with DevOps teams to integrate security controls and automated security testing into CI/CD pipelines.
- Implement authentication, authorization, encryption, secrets management, and secure communication mechanisms.
- Support software supply chain security initiatives, including dependency governance and third-party library risk management.
- Participate in security audits, penetration test remediation, compliance activities, and security assessments.
- Provide security guidance and best practices to development teams throughout the application lifecycle.
- Monitor emerging threats, vulnerabilities, and security trends and recommend appropriate countermeasures.
What We're Looking For
Application Security
- Strong understanding of OWASP Top 10 vulnerabilities and remediation techniques.
- Experience with Threat Modeling methodologies.
- Knowledge of CVSS risk assessment and vulnerability management.
- Strong understanding of Secure SDLC practices.
- Expertise in secure coding principles and application security controls.
- Knowledge of Authentication and Authorization frameworks (OAuth2, OpenID Connect, JWT).
- Understanding of Cryptography fundamentals and secure API design.
Security Tools
Experience with one or more of the following:
- Black Duck
- Snyk
- SonarQube
- Veracode
- Checkmarx
- Fortify
.NET Development
- Strong proficiency in C# and .NET 6/7/8+.
- Experience with ASP.NET Core Web API.
- Entity Framework Core.
- SQL Server and/or PostgreSQL.
- REST API development and security.
DevOps & Cloud
- Azure DevOps or GitHub Actions.
- Docker and container security concepts.
- Experience with Azure and/or AWS cloud platforms.
- Secret Management solutions such as Azure Key Vault or AWS Secrets Manager.
Nice to Have
- PKI and Certificate Management.
- Code Signing processes.
- HSM Integration.
- Azure Key Vault administration.
- Penetration Testing experience.
- Security certifications such as CSSLP, Security+, AZ-500, or equivalent.
Why Join Us
- Work on modern cloud-native and enterprise applications.
- Influence security practices across the entire development lifecycle.
- Collaborate with highly skilled development, DevOps, and security professionals.
- Drive DevSecOps transformation and secure software delivery initiatives.
- Contribute directly to strengthening the organization's cyber security posture.