Request Technology
Hybrid, 3 days onsite, 2 days remote. We are unable to sponsor, as this is a permanent full-time role.

A prestigious company is looking for an Application Security Engineer. This engineer will focus on web applications, secure SDLC, SAST, DAST, AWS/Azure vulnerability management, scripting/programming, etc.

Responsibilities: Application Security / Secure SDLC
- Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC scanning.
- Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows.
- Define and improve secure SDLC processes: design and implement a developer-friendly secure SDLC framework tailored to the company's delivery model.
- Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery.
- Build out processes for threat modelling and secure design review.
- Implement security for the software supply chain, AI/ML applications, open source components, etc.
- Maintain cloud and self-managed security scanning tools, conduct manual source code reviews, and perform manual penetration assessments.
- Assist with application security vulnerability management, including implementing new vulnerability management tools.
- Perform ongoing reviews of application releases to ensure only secure and reviewed code is pushed to production, with automation as necessary.
- Develop scripts and automation to help development teams interpret pipeline vulnerability reports for remediation.

Qualifications:
- BS in Computer Science, Information Management, Information Security, or a related technical degree from an accredited university.
- 5+ years of experience in Application Security or Information Security.
- Experience scripting and working with containers in CI/CD pipelines.
- Experience with CI/CD tools and software development: Docker, Jenkins, GitHub, SVN, Terraform, etc.
- Strong understanding of enterprise technologies and security-related technologies; operational experience in cloud environments (AWS, Azure, GCP).
- Knowledge of cryptography and its applications.
- Understanding of enterprise infrastructure stacks and network configurations.
- Ability to modify code in various programming languages; practical experience with high-level languages.
- Deep knowledge of web, API, and cloud vulnerabilities (e.g., OWASP Top 10, CWE).
- Understanding of vulnerabilities, their exploitability, and their impact.
- Knowledge of security in platform engineering and cloud-native stacks.
- Understanding of application layer attacks and defenses (XSS, CSRF, SQLi, XXE, SSRF, access control).
- Familiarity with API security (REST & GraphQL), Postman, OWASP Top 10.
- Experience with artifact repositories and security controls for component ingestion.
- Knowledge of Kubernetes security, container scanning, and infrastructure as code.
- Ability to prioritize vulnerabilities based on exploitability and impact.
- Proficiency in application security and vulnerability management.
- Strong scripting skills (Python, C++, PowerShell, Bash, etc.) and process automation.
- Some experience with penetration testing tools (Kali, Metasploit, Nmap, Burp Suite, etc.).
- Experience with diverse platforms: Mainframes, Windows, Unix, MacOS, Cisco, etc.