Application Security (AppSec) Specialist

Blackfluo.ai

Paris

On-site

EUR 60 000 - 80 000

Full-time

30+ days ago

Job summary

A leading cybersecurity firm in France is seeking an experienced Application Security (AppSec) Specialist. This role focuses on integrating security throughout the software development lifecycle, managing application security testing tools, and providing secure coding training to development teams. The ideal candidate will have over 6 years of experience in application security, strong knowledge of secure coding practices, and proficiency with SAST and DAST tools. This is an exciting opportunity to enhance application security across a diverse portfolio.

Qualifications

  • 6+ years experience in application security and secure software development.
  • Expert knowledge of SAST/DAST tools and application security testing methodologies.
  • Experience integrating security tools into CI/CD pipelines.

Responsibilities

  • Integrate security controls and checkpoints throughout the SDLC.
  • Deploy and manage SAST and DAST tools for vulnerability detection.
  • Provide secure coding training and security awareness programs.

Skills

Application Security
Static Application Security Testing
Dynamic Application Security Testing
Threat Modeling
Secure Coding Practices

Education

Bachelor's degree in Computer Science or related field

Tools

SonarQube
OWASP ZAP
Snyk

Job description

Position Overview

We are seeking an Application Security Specialist to integrate security throughout the software development lifecycle, implementing secure coding practices, managing static/dynamic application security testing, and conducting software composition analysis to ensure robust application security across our development portfolio.

Key Responsibilities

Secure Development Lifecycle Integration

  • Integrate security controls and checkpoints throughout the SDLC from design to deployment
  • Collaborate with development teams to implement security requirements and threat modeling practices
  • Establish secure coding standards, guidelines, and security review processes
  • Configure automated security testing in CI/CD pipelines and DevSecOps workflows
  • Conduct security architecture reviews and design consultations for new applications

Static & Dynamic Application Security Testing

  • Deploy and manage SAST tools (SonarQube, Veracode, Checkmarx, Fortify) for source code analysis
  • Implement DAST solutions (OWASP ZAP, Burp Suite, Rapid7) for runtime vulnerability detection
  • Configure interactive application security testing (IAST) for real-time vulnerability identification
  • Analyze scan results, triage findings, and prioritize remediation based on risk assessment
  • Develop custom security rules and policies for application-specific security requirements

Software Composition Analysis

  • Implement SCA tools (Snyk, Black Duck, WhiteSource) to identify vulnerable third-party components
  • Monitor open source libraries and dependencies for known vulnerabilities and license compliance
  • Establish policies for acceptable third-party components and dependency management
  • Automate vulnerability scanning for container images and package repositories
  • Create remediation workflows for outdated or vulnerable dependencies

Security Training & Consultation

  • Provide secure coding training and security awareness programs for development teams
  • Conduct code reviews and security consultations for critical applications
  • Develop application security documentation, best practices, and remediation guidance
  • Support incident response for application security breaches and vulnerability disclosures
  • Mentor developers on security testing tools and defensive programming techniques

Required Qualifications

Technical Skills

  • 6+ years experience in application security and secure software development
  • Expert knowledge of SAST/DAST tools and application security testing methodologies
  • Experience with SCA tools and open source vulnerability management
  • Understanding of web application security (OWASP Top 10, API security, authentication/authorization)
  • Proficiency in security testing frameworks and penetration testing techniques

Development Skills

  • Experience integrating security tools into CI/CD pipelines and automated workflows
  • Knowledge of secure coding practices and common vulnerability patterns
  • Understanding of cloud-native application security and containerized application testing
  • Experience with threat modeling methodologies and security architecture principles

Preferred Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, or related field
  • Security certifications (CISSP, CSSLP, CEH, GWEB, OSCP)
  • Experience with DevSecOps practices and security automation frameworks
  • Background in penetration testing and manual application security assessments
  • Knowledge of compliance frameworks (PCI-DSS, HIPAA, SOX) for application security
