Security Engineer (Application Security Secure Coding)
Job Location:
Monthly Salary:
Experience Required:
Posted on:
Vacancies:
Job Summary
Security Engineer (Application Security / Secure Coding)
Job Summary
We are seeking an experienced Security Engineer with a strong background in Application Security Secure Coding Practices and DevSecOps. The ideal candidate will be responsible for establishing secure development standards conducting security reviews identifying vulnerabilities and integrating security controls throughout the software development lifecycle.
The role requires close collaboration with Development QA DevOps and Architecture teams to ensure applications are secure compliant and aligned with industry best practices.
Key Responsibilities
- Establish and enforce secure coding standards across development teams.
- Conduct secure code reviews and security audits for backend and mobile applications.
- Identify analyze and remediate application and infrastructure security vulnerabilities.
- Design and implement Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) solutions.
- Improve code quality test coverage and documentation standards.
- Train and mentor development teams on Secure Development Lifecycle (SDL) and OWASP best practices.
- Integrate security controls and automated security gates into CI/CD pipelines.
- Perform threat modeling and security risk assessments for new features and applications.
- Collaborate with architects and engineering teams to incorporate security-by-design principles.
- Maintain security documentation standards and compliance-related artifacts.
- Support DevSecOps initiatives and continuous security improvement programs.
Required Skills
Application Security
- Strong understanding of secure software development practices.
- Experience identifying and mitigating common web application vulnerabilities:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- SQL Injection (SQLi)
- Authentication and Authorization vulnerabilities
- API Security risks
- Cross-Site Scripting (XSS)
Programming & Development
- Hands-on experience in one or more of the following:
- Java
- JavaScript
- Kotlin
- Java
- Strong debugging and code analysis capabilities.
Security Tools
- Experience with secure code review and vulnerability assessment tools such as:
- SonarQube
- Semgrep
- Fortify
- Similar SAST/DAST tools
- SonarQube
Security Standards & Frameworks
- Strong knowledge of:
- OWASP Top 10
- CWE (Common Weakness Enumeration)
- CVSS (Common Vulnerability Scoring System)
- Secure Development Lifecycle (SDL)
- OWASP Top 10
DevOps & Automation
- Experience working in Agile and DevSecOps environments.
- Knowledge of CI/CD pipelines and security automation.
- Experience integrating security testing into deployment workflows.
Soft Skills
- Excellent verbal and written communication skills.
- Ability to collaborate with cross-functional teams.
- Strong analytical and problem-solving skills.
Preferred Skills
- Experience with threat modeling and architecture security reviews.
- Exposure to cloud security concepts (AWS Azure or GCP).
- Knowledge of container and Kubernetes security.
- Experience with Infrastructure as Code (IaC) security scanning.
- Familiarity with compliance and security governance frameworks.
- Experience implementing enterprise-wide secure coding initiatives.
- Security certifications such as:
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Ethical Hacker (CEH)
- CompTIA Security
- GIAC Certifications
- CISSP (Preferred)
- Certified Secure Software Lifecycle Professional (CSSLP)
Ideal Candidate Profile
The ideal candidate should have 46 years of experience in Application Security or Secure Software Development strong expertise in secure coding practices hands-on exposure to SAST/DAST tools and the ability to drive security-first development practices across engineering teams. They should be comfortable working in a fast-paced Agile environment and collaborating with developers architects QA and DevOps teams.
