Position Overview
We are seeking an Application Security Engineer to join our growing team. This role sits within our broader Cyber Security function, focusing specifically on application-level security. You will lead testing, vulnerability management, code review, and DevSecOps practices to safeguard our payment systems and digital services.
- Conduct security testing on web applications, APIs, and mobile apps.
- Perform penetration testing for business-critical use cases (e.g., payment processes, account takeover, privilege escalation).
- Identify vulnerabilities, create proof-of-concepts (PoCs), and provide remediation strategies.
- Review source code (Java, Python, Go, Node.js) to identify and mitigate risks.
- Participate in secure architecture design, providing recommendations and guidance.
- Promote secure software development lifecycle (SDL) practices.
- Manage vulnerability lifecycle from discovery to resolution.
- Integrate and optimize security tools (e.g., Fortify, Checkmarx, SonarQube) within CI/CD pipelines.
- Conduct software composition analysis (SCA).
- Define and enforce application security standards and best practices.
- Collaborate closely on Red Team exercises, defense drills, and third-party vendor assessments.
Key Responsibilities
- Lead application security testing and vulnerability assessments across web, mobile, and API services.
- Develop, implement, and continuously improve AppSec frameworks, policies, and processes.
- Partner with engineering teams to embed security into development cycles.
- Support incident response teams with application-related vulnerabilities.
- Track industry trends and emerging threats to ensure proactive defenses.
Qualifications & Skills Required
- Bachelor's degree in Computer Science, Information Security, or a related field.
- 3-5 years of hands-on experience in application security, penetration testing, or secure software development.
- Strong coding/review skills in at least one major language (Java, Python, Go, Node.js).
- Deep understanding of OWASP Top 10, application threat modeling, and secure SDLC practices.
- Experience with security tools such as Fortify, Checkmarx, SonarQube, Burp Suite, or similar.
- Familiarity with DevSecOps and integrating security into CI/CD pipelines.
- Knowledge of vulnerability management processes and frameworks.
- Strong problem-solving skills, analytical mindset, and attention to detail.
- Relevant certifications (e.g., OSCP, CEH, GWAPT, CISSP) are a plus.
- Excellent communication skills and ability to work cross-functionally with developers, product, and operations teams.