Application Security Engineer

We are looking for someone who will work closely with development, DevOps and security teams to promote secure coding practices and identify application vulnerabilities at each stage of development.

Job Description

Security integration in SDLC

• Implementation and operation of application security tools
• Incorporate and maintain tools such as SAST, DAST, and SCA into the CI/CD pipeline
• Design and implement security gates to ensure vulnerabilities are resolved before deployment
• Work with development teams to provide training on secure development methods and tools

Manual code review

• Fix security defects
• Design and implement SDL/DevSecOps processes
• Security integration using tools such as GitLab
• Perform detailed manual code reviews to discover vulnerabilities
• Document findings and provide practical improvement suggestions
• Formulate and manage secure coding guidelines and standards to be applied across the organization

Vulnerability management

• Analyze, select, prioritize and address vulnerabilities detected by scanning tools
• Work with developers to ensure vulnerabilities are fixed in a timely manner

Collaboration and education

• Act as a security expert (SME) for the development team
• Implement regular education programs to raise the team's security awareness
• Actively participate in architecture design discussions and ensure security is built in from the early stages
• OWASP Top Supports compliance with security standards such as PCI-DSS, PCI-10, CWE, GDPR, etc.

Ensures that code complies with internal security policies and industry standards

• Threat modeling and risk assessment
• Perform threat modeling of applications to identify risks at the early development stage
• Assess risks during design reviews and take appropriate measures