Senior Application Security Engineer

Threat Modeling & Security Validation

• Conduct threat modeling and security reviews for distributed cloud-native systems.

• Perform security code reviews, static/dynamic analysis (SAST/DAST), and dependency scanning.

• Participate in incident response exercises and red/blue team simulations.

• Assess third-party libraries, APIs, and vendor integrations for security compliance.

Embedding Security into the SDLC

• Partner with developers and QA engineers to embed security testing into CI/CD pipelines.

• Review architecture and design documents to identify and mitigate risks early.

• Contribute to security automation initiatives and tooling to improve developer velocity.

• Support security checkpoints in release and deployment processes.

Emerging Threat Monitoring & Proactive Defense

• Stay current on evolving security risks, frameworks, and attack vectors, including

• AI/ML-specific threats (e.g., prompt injection, model poisoning).

• Assist in designing and deploying proactive defense mechanisms across applications and data platforms.

• Support investigations and post-incident reviews to strengthen detection and prevention capabilities.

Security Awareness & Policy Implementation

• Advocate secure coding and best practices through code reviews, workshops, and documentation.

• Contribute to internal security standards and playbooks.

• Collaborate closely with Engineering, DevOps, and Product teams to foster a security-first culture.

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, or related field, or equivalent experience.

• 2 - 4 years of experience in Application Security, DevSecOps, or Secure Software Development.

• Strong understanding of OWASP Top 10, SANS CWE Top 25, and general application threat modeling.

• Experience with frameworks and architectures such as React, Node.js, Django, or FastAPI.

• Knowledge of securing APIs, microservices, and authentication mechanisms (OAuth2, OIDC, JWT).

• Experience with cloud platforms (AWS, GCP, Azure) and containerization (Docker, Kubernetes).

• Working knowledge of security testing tools (e.g., Semgrep, SonarQube, Burp Suite, Zap, Trivy).

• Solid collaboration and communication skills with cross-functional teams

Benefits

• Competitive Salary Package:Receive a pay package that matches your skills and experience.

• Vacation and Sick Leave credits:Enjoy vacation and sick leave credits to maintain work-life balance.

• Health Coverage:Get medical, dental, and vision insurance for you and your dependents.

• Government-Mandated Benefits:Full coverage of all statutory benefits like SSS, PhilHealth, and Pag-IBIG.

• Learning Opportunities:Access training, certifications, and mentorship to grow your career.

• Team Engagement:Join team-building activities and wellness programs.

• Modern Tools:Use the latest technology to excel in your role.

• Career Growth:Clear paths for promotion and professional development.

• Inclusive Culture:Be part of a diverse, supportive, and collaborative global team.

• Referral Rewards:Earn bonuses for bringing great talent to the team.