Senior Application Security Engineer, Cybersecurity (remote)

Remote, IN, India

Job Description

Senior Application Security Engineer, Cybersecurity

Job Code:

FLSA Status: Exempt

Reports To Title: Director, Cybersecurity Technical Assessments

# of Direct Reports: 0

Job Level: P3

Last Updated Date: 6/24/2025

I. Job Summary



The Senior Application Security Engineer, Cybersecurity will serve as a key member of the Cybersecurity Technical Assessments team, providing advanced expertise in secure software development practices and application tooling. This role is responsible for managing and optimizing the application security tool stack--including SAST, DAST, SCA, IaC scanning, and secret detection--and ensuring its effective integration into the software development lifecycle (SDLC). The Senior Application Security Engineer will collaborate with development, engineering, and product teams to identify, triage, and remediate vulnerabilities, while also mentoring junior engineers and contributing to the evolution of secure development practices across the organization.

II. Job Competencies



Technical Proficiency:
Deep expertise in application security tooling (SAST, DAST, SCA, IaC scanning, secret scanning)
Strong understanding of secure coding principles and SDLC integration
Proficiency in scripting and programming languages (e.g., .NET, Python, JavaScript)

Analytical Skills:
Ability to analyze and validate security findings, prioritize risk, and guide remediation
Strong attention to detail in identifying false positives and systemic security gaps

Communication Skills:
Ability to clearly communicate technical issues to both technical and non-technical stakeholders
Skilled in writing documentation, reports, and presenting findings to cross-functional teams

Team Collaboration:
Experience working in Agile/DevOps environments with cross-functional teams
Ability to mentor junior engineers and lead small-scale security initiatives
Ability to work effectively with a remotely located team spanning multiple time zones

Continuous Learning:
Commitment to staying current with evolving security tools, threats, and best practices
Active pursuit of professional development and relevant certifications

III. Essential Job Functions



Manage and optimize application security tools (SAST, DAST, SCA, IaC, secret scanning) and ensure effective integration into CI/CD pipelines and the SDLC

Analyze source code and infrastructure-as-code for security vulnerabilities and provide actionable remediation guidance

Validate and triage findings from security tools, removing false positives and ensuring accurate issue tracking

Create and manage remediation tickets (e.g., Aha! Ideas, ServiceNow Requests), ensuring vulnerabilities are prioritized, assigned, and tracked to resolution

Collaborate with development and engineering teams to validate remediation efforts and confirm closure of security issues

Participate in the risk management process by documenting, reviewing, and maintaining risk exceptions for unresolved or accepted vulnerabilities

Work with risk owners and business stakeholders to ensure appropriate compensating controls are in place and documented

Lead secure code reviews and contribute to threat modeling and design discussions for high-risk applications

Mentor junior engineers and provide technical guidance on secure development practices

Contribute to the development and refinement of secure coding standards, policies, and procedures

Develop and maintain dashboards and reports that communicate application security posture, remediation progress, and risk trends to leadership

Identify recurring security issues and propose systemic improvements to reduce future risk

Lead efforts to evaluate, pilot, and implement new application security tools and integrations that enhance automation and coverage

Continuously refine scanning configurations and policies to improve signal-to-noise ratio in findings

Stay informed on emerging threats, vulnerabilities, and industry trends, and recommend improvements to tooling and processes

Participate in the evaluation and onboarding of new security tools and technologies

Work closely with cross-functional stakeholders to analyze and troubleshoot complex production issues.

This document is not an exhaustive list of all responsibilities, skills, duties, requirements, or working conditions associated with the job. Associates may be required to perform other job-related duties as required by their supervisor, subject to reasonable accommodation.

IV. Employment Qualifications

Legally Required License / Certification (Ex: MD, RN, LPN, etc.) ONE CERTIFICATION PER FIELD

Ensemble Required License / Certification (Ex: CRCR) ONE CERTIFICATION PER FIELD



Preferred Certifications: CISSP, CSSLP, CCSP, OSWE, OSCP, GPEN, GWEB

Or other approved job relevant certification.

Desired Work Experience

Job Experience: 5 to 7 Years

People Leadership Experience: NA

Desired Education

Education Level: Bachelor's Degree or Equivalent Experience

Preferred Area of Study: Computer Science, Information Security, or a related field.

Other Preferred Knowledge, Skills and Abilities



A minimum of 5 years of experience in software development, architecture, or engineering roles

A minimum of 3-5 years of experience applying secure development practices or working directly with application security tools (e.g., SAST, DAST, SCA, IaC scanning)

Demonstrated experience leading remediation efforts and collaboration between development and security teams to address vulnerabilities

Ability to read and interpret stack traces and source code call trees to validate and triage security findings

Experience working in Agile/SCRUM environments and implementing CI/CD and DevOps practices

Proficiency in scripting languages (e.g., Python, PowerShell, Bash) to support automation and developer tooling

Experience deploying and automating security solutions in enterprise environments using AWS and/or Azure

Hands-on experience with application security platforms including SAST, DAST, SCA, IaC scanning, and secret detection tools

Proficiency in one or more programming languages such as Java, .NET (C#), PHP, JavaScript, or Python

Working knowledge of SQL and relational database security considerations

Strong understanding of OWASP Top 10 and secure coding standards

Experience with version control systems (GitHub, Azure DevOps, GitLab) and CI/CD pipeline integration

Familiarity with infrastructure-as-code tools (Terraform, CloudFormation) and containerization technologies (Docker, Kubernetes)

Strong analytical and problem-solving skills, with the ability to bring structure and clarity to complex technical challenges

Familiarity with Linux and Windows operating systems and cloud-native security practices in Azure, AWS, or GCP

Ability to create scripts (PowerShell/bash)

Adherence to secure change management and deployment processes

Excellent communication skills and the ability to serve as a security ambassador across engineering and product teams

Proven ability to take ownership of complex issues and drive them to resolution with minimal oversight






Number of Positions: 2



Job Detail

  • Job Id
    JD3907738
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Remote, IN, India
  • Education
    Not mentioned
  • Experience
    Year