Position Overview and Objective

The Application Security Engineer role is responsible for implementing measures to ensure the security of Arctic Wolf software systems, applications, code, and related components. This role will work within our Information Security Engineering team to deploy and operationalize technical security capabilities, in open collaboration with the Research and Development team.

Primary Responsibilities and Duties

- Understanding of secure coding and secure design principles; work with teams to help them adopt secure coding.
- Train developers, architects, code reviewers, and others on secure coding practices.
- Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams. You will be the bridge between AppSec and Engineering teams.
- Develop standards and training for security testing tools focused on the application layer (e.g. SAST, DAST, IAST, SCA) and threat modeling.
- A solid understanding of Data Flow Diagrams (DFD), providing guidance to teams on identifying the right data flows in a DFD.
- Ability to build threat models from a DFD and map them to threats via STRIDE or another threat modeling framework.
- Ability to read a CVE score, understand the vulnerability, and guide teams on vulnerability severity assessments.
- Work with development teams throughout the entire SDLC to ensure code is secure by design, secure by default, secure in deployment, and secure in communication.
- Help software development teams understand and remediate security findings within prescribed timelines.
- Research and review any reported or suspected application vulnerabilities in third-party libraries and source code.
- Create technical approaches to implementing application security control technologies.
- Perform risk assessments of identified vulnerabilities and mitigations.
- Contribute to a world-class security program that supports Arctic Wolf's tremendous growth.
- Mentor and coach team members to further develop competencies.
- The ability to effectively partner and communicate with Engineering and Product teams.
Key Skills

Communication, threat modeling, code review, penetration testing, application testing, research, secure coding, cloud technologies, containerization technologies.

Key Competencies

- Able to write clearly and succinctly in a variety of communication settings and styles; can get messages across that have the desired effect.
- Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers.
- Comes up with a lot of new and unique ideas; easily makes connections among previously unrelated notions; tends to be seen as original and value-added in brainstorming settings.
Minimum Qualifications

- A bachelor's degree in Computer Science, Information Systems, Engineering, Cybersecurity, or a related technical field; or equivalent experience.
- 3-5 years of experience in software development within a large organization, preferably in a SaaS environment; OR a thorough understanding of modern software development practices.
- Thorough understanding of the OWASP Top 10 vulnerabilities / SANS Top 25 and the corresponding best practices for mitigation.
- Experience with application security technologies such as SAST, DAST, IAST, SCA, etc.
- Solid SAST, DAST, and SCA report reading skills, which should translate into mitigations for detections. The candidate must be able to analyze
Preferred Qualifications

- 3 years of experience in security or infrastructure engineering, including assessing issues and escalating to vendors for troubleshooting purposes.
- Familiarity with SAST and DAST (from running scans to reading reports). Integration of these tools into a CI/CD pipeline earns bonus points.
- Familiarity with containerization technologies such as Docker and/or Kubernetes is a huge plus.
- Significant prior experience securing large-scale web applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws.
- One or more industry certifications (GPEN, GWAPT, CEH, OSCP, etc.) is a plus.
Environment and Physical Demands

Work is primarily sedentary in nature and can be performed in sitting or standing positions in an office environment. Requires the ability to use technology, including a keyboard, verbal communication, and device screens that require visual acuity. If located in a company office, often requires the mobility to physically navigate the space. In the event of business travel, requires mobility sufficient to use public and private transport and navigate to essential locations. May include moving or lifting 25 pounds or less (e.g. an office chair, reams of paper).
Security Requirements

Conducts duties and responsibilities in accordance with AWN's Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AWN business information. Each successful candidate will be required to pass a criminal background check and an employment verification as a condition of employment.