Senior Application Security Engineer AppSec Architect

Recutify Inc.


Job Location:

Irving, TX - USA

Monthly Salary: Not Disclosed
Posted on: 14 days ago
Vacancies: 1 Vacancy

Job Summary

Senior Application Security Engineer / AppSec Architect
Location: Irving/Addison TX (Onsite/Hybrid)
Experience Required: 10 Years
Employment Type: Contract to Hire
Job Summary:
We are seeking a highly skilled Senior Application Security Engineer with deep expertise in Application Security Testing, Penetration Testing, Secure SDLC, Cloud Security and DevSecOps. The ideal candidate will possess strong hands-on experience performing advanced security assessments across enterprise web applications, APIs, cloud-native platforms and distributed environments.
This role requires extensive experience identifying and remediating complex vulnerabilities, including OWASP Top 10 issues, authentication/authorization weaknesses, SSRF, injection flaws, insecure deserialization, business logic vulnerabilities and cloud security misconfigurations across AWS, Azure and hybrid enterprise infrastructures.
The candidate will work closely with Engineering, DevOps, Cloud Architecture, Risk, Compliance and Product Security teams to integrate security across the software development lifecycle while driving proactive risk reduction initiatives.
Day-to-Day Responsibilities:
As a Security Engineer/Tester you will be performing authorized security testing on some of the most complex, massive-scale and highly critical applications. As part of a shift-left focus you will work as part of the development team, alongside developers, to proactively identify security vulnerabilities (OWASP Top 10, SANS Top 25, CWE) as early as possible, before they are discovered late in the cycle by InfoSec teams or in production. You will act as a liaison between the InfoSec team and development teams, translating the security issues reported by central InfoSec teams so that development teams understand and fix them. You need to be highly passionate about following the constantly changing threat landscape and familiarizing yourself with the latest security vulnerabilities that impact the team.
Role Responsibilities:
As a Security Engineer/Tester you will be performing authorized security testing on some of the most complex, massive-scale and highly critical applications.
You must be self-directed, able to work independently as well as in a team-oriented and fast-paced environment.
You need to be aware of varied application security domains such as authentication, authorization, identity management, cryptography, etc.
You require very good communication and presentation skills to present your findings to Leadership/Management/Development teams and help them understand the risk, so that they can make informed decisions on mitigations, controls and residual risk.
The ideal candidate is a team player, self-starter and quick learner with 3 years of experience in software development/testing with large-scale enterprise applications.
The work experience requirement can be relaxed if the candidate has the right skill set and the capability to learn quickly.
When submitting a candidate under this consideration, please highlight examples of quick learning on the resume.
Required Qualifications:
3 years of experience in software development/testing with large-scale enterprise applications.
Primary skill: manual and automated testing (testing will be done on software).
Deep understanding of different web application technologies, web protocols (HTTP, HTTPS, etc.), browser technologies, etc.
In-depth domain understanding of application security in terms of Identity and Access Management (IAM) and different authentication technologies (passwords, biometrics, OTP, digital certificates & PKI, device authentication, FIDO U2F/Passkeys, etc.).
Proven expertise with different security testing tools (proxy tools like Fiddler, black-box security testing tools like Burp, static security code analysis tools).
Deep understanding of different application security vulnerabilities such as OWASP Top 10, SANS Top 25, CWE, attack patterns (CAPEC), etc.
Bachelor's Degree in Computer Science or equivalent experience.
Must be self-directed, able to work independently as well as in a team-oriented and fast-paced environment.
Desired Qualifications:
Working experience with different security technologies and standards like Single Sign-On (SSO) using SAML/OpenID, OAuth protocols, etc.
Good understanding of cryptographic algorithms and standards like symmetric/asymmetric crypto techniques, digital signatures, JWS/JWE tokens, Hardware Security Modules (HSMs), etc.
Understanding of security vulnerabilities related to cloud environments is an added advantage.
Well-known security certifications are an added advantage.
Understanding of Threat Modelling concepts and Secure Development Life Cycle processes.
Mobile Application Security familiarity is desirable.
Key Responsibilities
Application Security & Penetration Testing
Perform advanced manual and automated penetration testing across web applications, APIs, microservices, cloud-native workloads and distributed enterprise systems.
Conduct SAST, DAST and SCA assessments using tools such as Fortify, Snyk, Burp Suite, Qualys, Invicti, Wiz and DefectDojo.
Identify and validate vulnerabilities including:
Injection flaws (SQLi, Command Injection)
Broken Authentication & Authorization
SSRF
IDOR
XSS
CSRF
Prototype Pollution
Insecure Deserialization
Business Logic Vulnerabilities
API Security Weaknesses
Perform secure code reviews across Java, JavaScript, Python, C and Go applications.
Develop proof-of-concepts, custom exploit scripts, fuzzers and security automation tools using Python, Go, Bash and JavaScript.
Conduct adversary simulations and red-team-style attack assessments to identify attack paths and lateral movement risks.
Security Operations & Threat Management
Support enterprise security monitoring, incident response and forensic investigations.
Analyze SIEM alerts and threat telemetry using Splunk, QRadar, Chronicle and Sourcefire.
Conduct root cause analysis (RCA) and threat hunting activities across enterprise environments.
Develop and tune security detection logic, correlation rules and anomaly detection workflows.
Support digital forensics investigations using EnCase, FTK, Wireshark and TCPDump.
Assist in fraud detection, AML investigations and transaction anomaly analysis.
Data Protection & Zero Trust Security
Implement and manage enterprise DLP and endpoint protection solutions.
Configure and administer:
CrowdStrike
CyberArk PAM
Netskope
Zscaler
Microsoft Purview DLP
Symantec DLP
Design Zero Trust security architectures and privileged access governance controls.
Implement endpoint hardening and insider threat mitigation strategies.
Required Skills
Application Security
Strong expertise in:
Web Application Security
API Security Testing
Penetration Testing
Threat Modeling
Secure Code Review
Secure Architecture Reviews
Deep understanding of:
OWASP Top 10
MITRE ATT&CK
NIST Cybersecurity Framework
Security by Design principles
Security Tools
Burp Suite
Fortify
Snyk
Invicti
Qualys
Wiz
DefectDojo
Splunk
QRadar
CrowdStrike
Cloud & DevSecOps
AWS Security Architecture
Azure Security Architecture
Terraform
Jenkins
GitHub / GitLab CI/CD
Kubernetes Security
Docker Security
Infrastructure as Code (IaC)
Programming & Automation
Python
GoLang
JavaScript
Bash
REST APIs
JSON/YAML
Preferred Qualifications
CISSP Certification preferred
CCSK / Security preferred
Experience in Healthcare, Financial Services or Regulated Enterprise environments
Experience supporting PCI-DSS, HIPAA, ISO 27001, SOX and NIST compliance initiatives
Strong communication, stakeholder management and executive reporting experience
Experience mentoring junior security engineers and leading security initiatives
Nice to Have
Red Team / Offensive Security experience
AI/ML Security exposure
Cloud-native container security experience
Fraud analytics and payment security domain experience
Experience with Chronicle SIEM and GCP Security services
Education
Bachelor's Degree in Computer Science, Cybersecurity, Information Technology or related discipline.