Application Security Engineer

Job Description

The application security engineer is responsible for ensuring that all developed or acquired software meets security standards while supporting rapid innovation. The role involves integrating security into the software development lifecycle, conducting security assessments, and providing expert guidance on secure coding, vulnerability management, and penetration testing. Key Responsibilities Integrate security tools, best practices, and standards into the product/software development lifecycle. Conduct vulnerability assessments and penetration testing for infrastructure, web applications, APIs, mobile applications, and cloud environments. Identify, analyze, and exploit cybersecurity vulnerabilities, demonstrating attack vectors and providing remediation guidance. Support incident response and architecture review processes with application security expertise. Develop penetration testing plans, methodologies, and documentation, and report findings to stakeholders. Manage annual penetration testing activities with external vendors and internal teams. Provide manual penetration testing, security gap analysis, and application code review support. Evaluate third-party software for security compliance during vendor due diligence. Track and report on application security metrics, team performance, and security program effectiveness. Contribute to improving application frameworks, perimeter security, and overall security posture. Required Skills Experience Strong understanding of common security vulnerabilities (OWASP Top 10, SANS 25) and mitigation techniques. Experience with penetration testing tools (e.g., Kali Linux, Burp Suite, Metasploit, Nmap NSE, Mimikatz, Bloodhound, OpenVAS, Rapid7 InsightVM, Tenable.io). Knowledge of SSDLC, threat modeling, and secure coding practices. Proficient in scripting/programming: Python, Bash, PowerShell, JavaScript, Java, .NET, or Node.js (basic to intermediate). Experience with REST APIs, SOA architecture, and API Gateway concepts. Knowledge of cloud platforms (AWS, Azure, or GCP) and pen testing for IaaS, SaaS, PaaS, and containerized environments. Familiarity with vulnerability scoring systems (CVSS, EPSS) and security frameworks (CIS Benchmark, NIST). Strong understanding of MITRE ATTCK Framework, attack path management, red teaming, privilege escalation, lateral movement, and defense evasion techniques. Good understanding of Windows and Linux operating systems, Apache/Unix servers. Additional Skills (Preferred) Experience in maintaining external attack surface security posture. Experience in application security testing (white-box, black-box, and code review). Certifications such as CISSP, CEH, OSCP, CSSLP are an advantage. This job is provided by Shine.com