Senior Application Security Engineer

3+ years of experience in application security, software development, or DevSecOps.
Strong understanding of web application security principles, OWASP Top 10, and secure coding practices.
Hands-on experience with security testing tools such as Burp Suite, SAST/DAST/SCA solutions, and fuzzing tools.
Proficiency in at least one programming language (e.g., Python, JavaScript, Java, or Go).
Familiarity with cloud-native security (AWS, GCP, or Azure).
Knowledge of container and microservices security best practices.
Security certifications such as OSWE, GWAPT, or CISSP are a plus.
Must be able to work onsite at our office Tuesday through Thursday each week, with the option to work remotely on Mondays and Fridays.

Conduct security assessments, code reviews, and threat modeling to identify and mitigate risks in applications.
Develop and enforce secure coding guidelines and best practices across engineering teams.
Automate security testing within CI/CD pipelines using SAST, DAST, and SCA tools.
Collaborate with developers to remediate vulnerabilities and provide security training.
Design and implement application-layer security controls, including authentication, authorization, and encryption mechanisms.
Research emerging threats and vulnerabilities to enhance application security strategies.
Assist in incident response related to application security breaches.
Work with product and engineering teams to ensure security is embedded in the SDLC.