Senior Application Security Engineer

We are seeking a highly skilled DevSecOps Engineer with a strong background in application security, penetration testing, and secure development practices.

The ideal candidate will bring hands-on experience in SAST, DAST, Kubernetes, CI/CD pipelines, and a solid understanding of DevSecOps principles.

You will work closely with engineering, DevOps, and security teams to build, automate, and secure systems across the development lifecycle.Key Responsibilities:- Conduct backend and infrastructure penetration testing to identify and mitigate security vulnerabilities.- Integrate and manage SAST and DAST tools within CI/CD pipelines.- Collaborate on secure architecture design, threat modeling, and security code reviews.- Drive secure coding practices and security automation across development teams.- Assess and enhance the security of cloud-native applications, containerized workloads, and Kubernetes clusters.- Implement security controls and monitoring for applications and infrastructure.- Contribute to SDL (Secure Development Lifecycle) activities including threat/attack modeling and secure design reviews.- Stay current with emerging threats, vulnerabilities, and regulatory frameworks.Required Skills and Qualifications:- 6+ years of experience in DevSecOps, application security, or related roles.- Proven experience in penetration testing (application and infrastructure).- Prior experience in software development, DevOps, or security architecture.- Expertise in application security and common vulnerability classes (OWASP Top 10).- Experience integrating and using SAST/DAST tools (e.g., Veracode, SonarQube, Burp Suite).- Strong understanding of CI/CD pipelines (Jenkins, GitLab, GitHub Actions, etc.).- Hands-on with Kubernetes, Docker, and container security.- Familiarity with cloud platforms (AWS, Azure, GCP) and securing cloud-native environments.- Deep knowledge of security mechanisms across operating systems, networks, virtualization, and databases.- Familiar with information security frameworks and standards (e.g., NIST, ISO 27001, CIS).- Experience with threat modeling and design reviews.- Excellent problem-solving, collaboration, and communication skills.