Application Security (AppSec) Specialist

BlackFluoAI

France

On-site

EUR 60 000 - 80 000

Full-time

24 days ago

Job summary

A leading cybersecurity company is seeking an Application Security Specialist in France to enhance security practices across the software development lifecycle. The role involves implementing secure coding standards, managing security testing, and providing training for development teams. Ideal candidates have over 6 years of experience in application security, strong programming skills, and expertise with SAST/DAST tools. This position offers opportunities for professional development in a dynamic environment.

Qualifications

  • 6+ years experience in application security.
  • Expert knowledge of SAST/DAST tools.
  • Strong programming skills in multiple languages.

Responsibilities

  • Integrate security controls throughout the SDLC.
  • Manage application security testing.
  • Conduct security training for development teams.

Skills

Application security
Secure coding practices
SAST/DAST tools
Programming in Java, .NET, Python, JavaScript, Go
CI/CD pipeline integration
Vulnerability management

Education

Bachelor's degree in Computer Science, Cybersecurity, or related field

Tools

SonarQube
Veracode
OWASP ZAP
Snyk
Burp Suite
Rapid7
Job description
Application Security (AppSec) Specialist

We are seeking an Application Security Specialist to integrate security throughout the software development lifecycle, implementing secure coding practices, managing static/dynamic application security testing, and conducting software composition analysis to ensure robust application security across our development portfolio.

Key Responsibilities
Secure Development Lifecycle Integration
  • Integrate security controls and checkpoints throughout the SDLC from design to deployment
  • Collaborate with development teams to implement security requirements and threat modeling practices
  • Establish secure coding standards, guidelines, and security review processes
  • Configure automated security testing in CI/CD pipelines and DevSecOps workflows
  • Conduct security architecture reviews and design consultations for new applications
Static & Dynamic Application Security Testing
  • Deploy and manage SAST tools (SonarQube, Veracode, Checkmarx, Fortify) for source code analysis
  • Implement DAST solutions (OWASP ZAP, Burp Suite, Rapid7) for runtime vulnerability detection
  • Configure interactive application security testing (IAST) for real-time vulnerability identification
  • Analyze scan results, triage findings, and prioritize remediation based on risk assessment
  • Develop custom security rules and policies for application-specific security requirements
Software Composition Analysis
  • Implement SCA tools (Snyk, Black Duck, WhiteSource) to identify vulnerable third-party components
  • Monitor open source libraries and dependencies for known vulnerabilities and license compliance
  • Establish policies for acceptable third-party components and dependency management
  • Automate vulnerability scanning for container images and package repositories
  • Create remediation workflows for outdated or vulnerable dependencies
Security Training & Consultation
  • Provide secure coding training and security awareness programs for development teams
  • Conduct code reviews and security consultations for critical applications
  • Develop application security documentation, best practices, and remediation guidance
  • Support incident response for application security breaches and vulnerability disclosures
  • Mentor developers on security testing tools and defensive programming techniques
Required Qualifications
Technical Skills
  • 6+ years experience in application security and secure software development
  • Expert knowledge of SAST/DAST tools and application security testing methodologies
  • Strong programming skills in multiple languages (Java, .NET, Python, JavaScript, Go)
  • Experience with SCA tools and open source vulnerability management
  • Understanding of web application security (OWASP Top 10, API security, authentication/authorization)
  • Proficiency in security testing frameworks and penetration testing techniques
Development Skills
  • Experience integrating security tools into CI/CD pipelines and automated workflows
  • Knowledge of secure coding practices and common vulnerability patterns
  • Understanding of cloud-native application security and containerized application testing
  • Experience with threat modeling methodologies and security architecture principles
Preferred Qualifications
  • Bachelor's degree in Computer Science, Cybersecurity, or related field
  • Security certifications (CISSP, CSSLP, CEH, GWEB, OSCP)
  • Experience with DevSecOps practices and security automation frameworks
  • Background in penetration testing and manual application security assessments
  • Knowledge of compliance frameworks (PCI-DSS, HIPAA, SOX) for application security