Compunnel

Application Security Engineer

Compunnel, Englewood, Colorado, US, 80151

The Application Security Engineer will play a critical role in safeguarding web, mobile, and backend systems from vulnerabilities and malicious activity. This role involves deep technical testing, fraud detection, and integration with development teams to build secure-by-design solutions. It combines security expertise with hands-on experience in modern technologies, including wireless protocols, APIs, automation, and threat detection tools.

Job Responsibilities:

- Perform application security testing on front-end web and mobile apps.
- Collaborate with GraphQL and backend teams to secure APIs and data flow.
- Analyze wireless domain components like eSIMs for telecom-specific vulnerabilities.
- Investigate fraud risks in business logic through detailed scenario testing.
- Conduct adversarial testing with a hacker's mindset to simulate abuse cases.
- Simulate social engineering breaches to test internal defenses.
- Monitor and analyze data traffic to identify potential security gaps.
- Create, document, and maintain security policies, procedures, and training materials.
- Implement industry best practices for secure software development.
- Conduct gap analysis to ensure alignment with standards and compliance requirements.
- Continuously evaluate and enhance security posture in response to emerging threats.
- Automate security checks using BDD frameworks and CI/CD pipelines.

Required Skills:

Hands-on experience with:

- App Security Testing: OWASP ZAP, Burp Suite, MobSF, Appium, Selenium, Charles Proxy
- API Security: GraphQL, JWT, OAuth 2.0, API Gateway, Kong
- Wireless/Telecom: eUICC, GSMA, Wireshark, QXDM, QCAT
- Social Engineering Simulation: SET, Gophish, OSINT tools
- Monitoring/Data Flow: Wireshark, tcpdump, Fiddler
- Security Standards: NIST, ISO 27001, CIS Benchmarks
- Best Practices: OWASP ASVS, Jenkins, GitHub Actions, Snyk, SonarQube
- Gap Analysis: Nessus, OpenVAS, Qualys, RSA Archer

Preferred Skills:

- Experience in fraud management tools (e.g., Actimize, SAS)
- Familiarity with DevSecOps pipelines and secure SDLC frameworks
- Exposure to CVE analysis and threat intelligence platforms (e.g., Recorded Future, MISP)

Certifications:

- Security certifications such as OSCP, CEH, GWAPT, or CISSP (preferred but not mandatory)

Education:

- Bachelor's degree in Computer Science, Cybersecurity, or a related field