- Bachelor's or master's degree in computer science, Information Security, or a related field.
- 8+ years of experience in application security, penetration testing, or secure software development.
The Ideal Qualifications:
- Relevant security certifications such as CEH, OSCP, CISSP, or GWAPT from an industry-recognized certifier (e.g., SANS/GIAC, CompTIA, ISACA, ISC2, etc.).
- Strong knowledge of secure software development methodologies, including threat modeling, code reviews, and static/dynamic analysis.
- Strong knowledge of application security vulnerabilities and best practices (e.g., OWASP Top 10, etc.).
- Experience in integrating security into DevOps (DevSecOps) and CI/CD environments.
- Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), containerized environments (Docker, Kubernetes), and API security.
- Hands-on experience with security tools such as SAST, DAST, SCA, IAST, and fuzzing tools.
- Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations.
- Advanced understanding of, and experience with, writing source code in at least one programming language (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.).
- Experience with identifying security vulnerabilities/defects in Docker images, containers, and Kubernetes.
- Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS CloudFormation templates, secrets managers).
- Knowledge of encryption, authentication, and access control.
- Knowledge of compliance and regulatory frameworks (SOC 2, etc.).