Application Security Manager

Breadfast

Street

On-site

GBP 50,000 - 80,000

Full time

Yesterday

Job summary

A leading company is seeking a Senior Security Engineer to enhance their application security efforts. The role involves hands-on assessments, secure development practices, and collaboration across teams to ensure secure software delivery. Candidates should have 2-5 years of experience and relevant degrees in cybersecurity or related fields.

Qualifications

  • 2-5 years of experience in Application Security.
  • Bachelor's or master's degree in a related field.

Responsibilities

  • Contribute to the design and implementation of the application security program.
  • Conduct threat modeling sessions and security walkthroughs with development teams.
  • Perform static and dynamic application security testing.

Skills

Web Application Penetration Testing (WAPT)
Mobile Application Penetration Testing (MAPT)
Secure Software Development Lifecycle (S-SDLC)
Threat Modelling
Secure Source Code Review (SSCR)
SecDevOps

Education

Bachelor's degree in cyber security, information security, computer engineering, computer science, or a related field

Job description

Role Objective:

The Senior Security Engineer will be responsible for executing and advancing application security efforts through hands-on assessments, process improvements, secure development enablement, and cross-functional collaboration. They will act as a subject matter expert for security design and remediation, contributing to secure software delivery at scale.

Key Roles & Responsibilities:
  1. Contribute to the design and implementation of the organization’s application security program.
  2. Support the enforcement of secure coding practices and industry best standards.
  3. Conduct threat modeling sessions, design reviews, and security walkthroughs with development teams.
  4. Ensure alignment with regulatory frameworks and standards (e.g., OWASP, PCI-DSS, ISO 27001).
  5. Perform static (SAST) and dynamic (DAST) application security testing using tools such as Checkmarx, SonarQube, Veracode, and Burp Suite.
  6. Lead and conduct manual code reviews and penetration testing exercises as needed.
  7. Prioritize and guide the remediation of vulnerabilities based on business risk and impact.
  8. Assess third-party libraries, applications, and APIs for security risks and integration issues.
  9. Embed security into CI/CD pipelines by integrating and optimizing automated security tools.
  10. Provide architectural and design security consultations to product and engineering teams.
  11. Drive awareness and adoption of secure coding practices among developers and DevOps teams.
  12. Deliver security knowledge-sharing sessions and tailored training to technical teams.
  13. Collaborate with cross-functional stakeholders (product, IT, compliance, engineering).
  14. Support investigation and response to application security incidents.
  15. Conduct root cause analysis and assist with implementing preventative controls.
  16. Coordinate with the SecOps team on logging, detection, and monitoring enhancements.
  17. Help define and report on security KPIs, risks, and remediations to management.
  18. Stay informed on current threat trends, tools, and emerging AppSec methodologies.

Required Experience, Education, Knowledge, and Skills

2-5 years of experience in Application Security.

Bachelor's degree and/or master’s degree in cyber security, information security, computer engineering, computer science, or a related field.

Core Knowledge & Skills:
  • Web Application Penetration Testing (WAPT)
  • Mobile Application Penetration Testing (MAPT)
  • Secure Software Development Lifecycle (S-SDLC)
  • Threat Modelling
  • Secure Source Code Review (SSCR)
  • SecDevOps

Preferred Certifications:
  • EC-Council: E|CDE, C|ASE .NET, C|ASE JAVA, W|AHS
  • INE Security: eWPT, eWPTX, eMAPT
  • The SecOps Group (TSOG): CAP, CAPen, CAPenX, CMPen-Android, CMPen-iOS
  • GIAC: GWAPT, GMOB
  • Offensive Security (OS): OSWA, OSWE
  • Practical DevSecOps (PDSO): CDP, CDE, CTMP, CASP, CSSE
  • Mile2: C)SWAE