Application Security Engineer

• Coordinate remediation efforts and track risk reduction metrics.
• Support bug bounty and responsible disclosure programs (if applicable).

Threat Modeling & Risk Assessment

• Conduct threat modeling sessions for new applications and features.
• Evaluate APIs, microservices, and third-party integrations for security risks.
• Provide actionable recommendations to mitigate identified threats.

Cloud & Container Security

• Secure cloud-native applications in AWS, Azure, or GCP.
• Assess Kubernetes and container security configurations.
• Implement secrets management and encryption best practices.

Governance & Compliance

• Support compliance efforts (SOC 2, ISO 27001, PCI-DSS, HIPAA, etc., as applicable).
• Contribute to security policies, standards, and procedures.
• Deliver developer security training and awareness initiatives.

Required Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
• 3–6+ years of experience in Application Security or Secure Software Engineering.
• Strong understanding of OWASP Top 10 vulnerabilities.
• Proficiency in at least one programming language (e.g., Python, Java, Go, JavaScript).
• Experience with security testing tools (e.g., Burp Suite, Checkmarx, Veracode, Snyk).
• Familiarity with CI/CD tools (Jenkins, GitHub Actions, GitLab CI).
• Knowledge of RESTful APIs and microservices security.