Job Title: Application Security Engineer

We are looking for experienced Application Security Engineer to effectively maintain the automated
source code scanning platform, to perform secure code reviews as well as support the automated
penetration test delivery within the organization and also upskill the developers by training on secure
coding.

Responsibilities

● Responsible to propose and integrate security practices and processes into software
development to ensure the delivery of applications have vulnerabilities resolved and
mitigated
● Responsible to develop secure application development practices, standards, guidelines
and solutions towards adopting technical best practices and uplifting the Application
Security (AppSec) capabilities within the organization
● Perform Application Security assessment using a combination of threat modelling,
vulnerability research, code scanning, application security testing with recommendation
of proper remediation actions
● Work closely with Development for vulnerability mitigations and help in removing the
false positive from the static and dynamic application security report
● Work closely with DevOps Team to create tools and automation to help test and improve
the security in the CI/CD pipeline like Jenkins, Bitrise, AWS Codebuild etc
● Identify gaps in security and improve security protocols and procedures in application
development processes
● Enhance security competency in development teams implementing the secure coding
training platform like Secure Code Warrior
● Provide training to the development team on security standards, policies, procedures
and best practices related to secure coding for Web and Mobile

Mandatory Skill-set

● Bachelor in Computer Science or related field required;
● Has at least 1- years of work experience in development;
● Has at least 3 - years of work experience in the area of application security;
● Experienced in conducting secure code review, dynamic application security
testing and manual security testing for both Web and Mobile applications;
● Experience in threat modelling - able to prepare threat profile to identify, quantify and
address security risks;
● Familiar with CI/CD and DevOps concepts and how security testing can be integrated
and automated as part of software delivery pipelines;
● Familiar with secure Web Services, Web and mobile API architecture (such as REST,
SOAP, SSL/TLS, HTTPS);
● Familiar with common web,mobile application vulnerabilities and technical knowledge to
address and mitigate vulnerabilities;
● Knowledge of security best practices, secure coding practice guidelines, OWASP
top 10 web and mobile;
● Excellent communication and presentation skills.

Desired Skill-Set

● Knowledge of Static Application security tools like Fortify, Checkmarx, Burp suite
professional, Qualys, Webinspect;
● Knowledge in implementing the open source scanner tool like Sonatype, Blackduck;
● Knowledge in Container security implementation;
● Knowledge in Cloud Security like AWS, Google Cloud Platform;
● Handling the Bug Bounty Program and issue tracking.
● Industrial certification like CEH