Senior Staff Application Security Engineer

• Conduct application security reviews and perform penetration testing, ensuring alignment with compliance standards
• Engage in projects, research, and security tool development to enhance security measures and meet compliance requirements
• Scale security processes using automation
• Provide training, outreach, and develop documentation to guide security practices among internal teams
• Offer technical guidance, advocate for automation, evaluate designs, and lead our security teams to empower engineering partners with cutting-edge tools, techniques, and methodologies to naturally build secure products
  
  

The Opportunity/Role Summary:

• Conduct application security reviews and perform penetration testing, ensuring alignment with compliance standards
• Engage in projects, research, and security tool development to enhance security measures and meet compliance requirements
• Scale security processes using automation
• Provide training, outreach, and develop documentation to guide security practices among internal teams
• Offer technical guidance, advocate for automation, evaluate designs, and lead our security teams to empower engineering partners with cutting-edge tools, techniques, and methodologies to naturally build secure products
  
  

• Strong foundations in secure design reviews, threat modeling experience, code reviews, pen-testing
• Minimum of 3 **years of technical experience** with any combination of the following: **threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security.**
• Minimum 2 years experience with Software Development Life Cycle in one or more languages (**Go, Python, Nodejs, Rust, etc.**)
• Experience with public/private cloud environments (**Openshift, Rancher, K8s, AWS, GCP, Azure, etc.**)
• In-depth knowledge of security principles, compliance regulations, and change management
• Experience in running assessments using OWASP MASVS and ASVS
• Working knowledge on exploiting and fixing application vulnerabilities
• Proven expertise in architectural threat modeling and conducting secure design reviews
• In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10 or SANS top 25)
• Familiarity with automated dynamic scanners, fuzzers, and proxy tools
• An analytical mind for problem solving, abstract thought, and offensive security tactics
• Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences
• Exposure to advanced AI and Large Language Model (LLM) security
• Relocation package is provided in case you prefer to relocate to Bangkok, Thailand. Our benefits are

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@naukrigulf.com