Job Description

INTRODUCTION:

As an Application Security Engineer, you will play a critical role in driving secure application development and vulnerability remediation across our AWS and Azure cloud environments. You'll collaborate with cross-functional teams to embed security into systems, tools, and workflows, ensuring the security and integrity of our digital assets.

This role is ideal for someone who thrives in a cloud-native, developer-focused environment and is passionate about building scalable security practices--not just identifying issues but helping resolve them through engineering and automation.

WHAT YOU'LL DO:

Conduct vulnerability scans and risk assessments in public cloud environments (AWS, Azure) to identify and remediate security risks Support the integration and ongoing use of SAST, DAST, and SCA tools within CI/CD pipelines and developer workflows Collaborate with development teams to improve secure application development practices and provide guidance on vulnerability remediation Contribute to application and infrastructure threat modeling to proactively identify potential risks Evaluate and advise on the security of AI-enhanced applications and large language models (LLMs) Apply Kubernetes and container security best practices to help ensure secure deployment of services Define and maintain application security governance, policies, and technical standards Work with external penetration testers to coordinate testing efforts and ensure timely triage and resolution of findings (note: this is not a primary pen testing role) Maintain and enhance security logging and monitoring strategies in collaboration with cloud-ops and SIEM teams Provide training and knowledge-sharing to development teams on application security tools and best practices Stay up to date on current security trends, threats, and regulatory changes to continuously improve security posture Partner with IT, legal, compliance, and other teams to ensure a holistic and aligned approach to security

WHAT YOU'LL NEED:

Bachelor's degree in computer science, Information Security, or a related field or related work experience CISSP certification (or equivalent security certification) required; CSSLP is a plus 7 years of Information Security experience with at least 5 years in IT roles . Strong understanding of security architecture design, particularly in Kubernetes, and familiarity with industry-standard security frameworks and best practices. Previous development background a big plus. Proven experience of conducting penetration tests, vulnerability assessments, risk assessments, and threat modelling. Knowledge of regulatory standards such as GDPR, PCI_DSS 4.0, and ISO-27001 Solid understanding of the Software Development Life Cycle (SDLC) and its integration with secure development practices. * Strong communication skills in English and the ability to work collaboratively in a team environment.