Application Security Engineer
Indexed description
Job Description: Application Security Engineer
Role Summary
We are seeking a skilled Application Security Engineer to strengthen the security posture of web and API-based applications. The role focuses on integrating security into the SDLC, managing security tools, identifying vulnerabilities, and working closely with engineering teams to drive timely remediation.
Key Responsibilities:
Application Security Engineering
● Provide security engineering support for web and API applications.
● Integrate security controls into the Secure SDLC, including threat modeling and security design reviews.
● Ensure adherence to organizational security standards and best practices.
Vulnerability Scanning & Tool Administration
● Administer and manage vulnerability scanning tools (e.g., Tenable or similar).
● Configure, tune, and maintain scanning policies and schedules.
● Optimize tool performance to improve accuracy and reduce false positives.
SAST & DAST Integration
● Implement and maintain SAST and DAST tools within CI/CD pipelines.
● Configure detection rules and improve result reliability.
● Collaborate with engineering teams to ensure seamless integration and actionable outputs.
Vulnerability Discovery & Risk Prioritization
● Identify and validate vulnerabilities through automated and manual testing.
● Perform false-positive analysis and assess exploitability.
● Provide risk-based prioritization aligned with business impact.
Operational Execution & Remediation
● Review scan results and track vulnerabilities to closure.
● Coordinate with development teams for timely remediation.
● Ensure adherence to defined workflows and SLAs.
Red Team & Offensive Security Techniques
● Validate vulnerabilities using manual testing and offensive security methods.
● Develop proof-of-concept exploits where required.
● Document attack paths, reproduction steps, and impact clearly.
Security Testing & Bug Validation
● Perform manual and automated security testing for applications and APIs.
● Reproduce and validate reported issues across environments.
● Verify remediation effectiveness before closure.
Required Skills & Qualifications
● Bachelor’s degree in Computer Science, Information Security, or related field.
● 3–6 years of experience in Application Security or related domain.
● Hands-on experience with SAST, DAST, and vulnerability scanning tools.
● Strong understanding of OWASP Top 10, web application and API security.
● Experience with CI/CD pipeline integrations (e.g., Jenkins, GitHub Actions, GitLab).
● Knowledge of secure coding practices and common vulnerability patterns.
● Familiarity with scripting (Python, Bash, or similar) is a plus.
Preferred Qualifications
● Experience with threat modeling and secure design reviews.
● Exposure to red teaming or penetration testing techniques.
● Relevant certifications (e.g., OSCP, CEH, GWAPT) are a plus.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search