Application Security Engineer / Senior AppSec Engineer

This is a remote position.

We are seeking a skilled Application Security Engineer to drive secure development practices and manage end-to-end application security testing, vulnerability management, and DevSecOps integration. The role requires hands-on experience in SAST/DAST tools, vulnerability scanning, CI/CD security integration, and manual security testing across web and API-based applications.

Key Responsibilities

• Perform application security assessments for web and API applications
• Integrate security into Secure SDLC (SSDLC) and DevSecOps pipelines
• Conduct threat modeling and security design reviews
• Execute vulnerability scans using tools like Tenable
• Analyze results from SAST, DAST, and manual testing
• Document findings including severity, exploitability, reproduction steps, and remediation guidance
• Integrate and maintain SAST/DAST tools within CI/CD pipelines
• Perform vulnerability validation, PoC development, and false-positive analysis
• Apply risk-based prioritization and track remediation to closure
• Provide L2/L3 support, incident investigation, and root cause analysis (RCA)
• Maintain AppSec documentation, audit evidence, and compliance reports
• Track and report vulnerability metrics, scan coverage, and remediation status

Required Skills

• Strong experience in Application Security (Web & API Security Testing)
• Expertise in OWASP Top 10 vulnerabilities and remediation techniques
• Hands-on experience with SAST tools (Checkmarx, Veracode, SonarQube)
• Hands-on experience with DAST tools (Burp Suite, OWASP ZAP)
• Experience with vulnerability scanning tools (Tenable preferred)
• Knowledge of Secure SDLC and DevSecOps practices
• Strong understanding of HTTP, REST APIs, authentication (OAuth, JWT)
• Proficiency in Python / Bash / PowerShell scripting
• Experience with CI/CD tools and pipeline security integration
• Familiarity with JIRA / ServiceNow or similar tracking tools

Preferred Qualifications

• Experience in manual penetration testing and exploit development
• Exposure to red team techniques and offensive security testing
• Experience in cloud environments (AWS / Azure / GCP)
• Knowledge of container and microservices security (Docker, Kubernetes)
• Experience supporting SOC 2, ISO 27001, or similar audits

Certifications (Preferred)

·OSCP / OSWE / GWAPT / eWPT

·CEH (Certified Ethical Hacker)

·CISSP / CSSLP

• AWS Security Specialty / Azure Security Engineer
• Certified Kubernetes Security Specialist (CKS)

Soft Skills

• Strong analytical and problem-solving skills
• Excellent communication and collaboration with engineering teams
• Ability to work in SLA-driven environments
• Detail-oriented with strong documentation skills