Application Security Engineer
Job Description
Core Responsibilities
1. Secure Software Development
Establish and implement secure coding practices across development teams.
Define and enforce secure coding standards for Java, .NET, Python, and JavaScript applications.
Conduct secure design and architecture reviews for both new and existing systems.
Educate developers on:
Secure coding practices
Authentication and authorization models
Common application vulnerabilities
Apply security controls aligned with:
OWASP Top 10
OWASP API Security Top 10
2. Application & API Security
Design and implement secure REST APIs and web services.
Implement secure authentication and authorization using:
SAML 2.0
OIDC
OAuth 2.0
Secure Java and JavaScript frameworks including:
Spring Boot
React
Ensure secure handling of:
Tokens
Sessions
Secrets
Collaborate with Application Administrators and Security teams to integrate applications with:
WAF platforms
Load balancers
Security monitoring tools
Mandatory Qualifications
Minimum 4+ years of experience in secure application development.
Prior hands-on software development experience.
Strong understanding of:
Web and mobile application architectures
Internet protocols (HTTP, HTTPS, WebSockets)
REST API security principles
Practical knowledge of SAST, DAST, and SCA methodologies (result interpretation and remediation).
Experience with security tools such as:
Veracode
PortSwigger (Burp Suite)
Zimperium
Palo Alto Networks (Prisma)
Rapid7
Experience applying controls from:
NIST SPxxxxxxxxxxxxxxx
NIST SPxxxxxxxxxxxxxxx
Strong analytical, troubleshooting, and problem-solving skills.
Ability to work independently within a development-focused environment.
Preferred Qualifications
Experience with containerized environments (Docker, Kubernetes).
Development experience with:
Core Java / J2EE
Spring Boot
React / AngularJS
HTML5, CSS, JavaScript
Experience designing secure GIS-based applications.
Familiarity with public safety or emergency response systems.