Senior Application Security Engineer

Position Overview

Reporting to the Head of Application Security, you will be a key contributor to securing our corporate applications by collaborating closely with application development teams. This role is accountable for application security through threat modeling, DevSecOps automation, and implementation of security controls.

The ideal candidate brings strong security expertise with scripting and automation skills but is not expected to have deep software engineering or programming experience. You will work cross-functionally to identify application assets, map data flows, evaluate threats, and ensure cybersecurity controls are embedded and continuously measured.

What You’ll Do

• Lead threat modeling exercises to proactively identify security risks across applications and infrastructure layers.

• Collaborate with agile and waterfall development teams to integrate security requirements and acceptance criteria throughout the SDLC.

• Analyze application components, data flows, and external dependencies to anticipate and mitigate vulnerabilities.

• Automate security build pipelines and scanning processes, focusing on Docker container security and security scanning automation using scripting languages such as Python, PowerShell, or Ruby.

• Conduct security code reviews targeting common vulnerabilities (e.g., injection, XSS, insecure configurations), without requiring deep programming expertise.

• Implement and maintain security controls including encryption, authentication, access controls, and input validation.

• Provide guidance and training on secure coding practices and security tool usage to development teams.

• Evaluate and deploy security tools and automation solutions to enhance application security posture and streamline operations.

• Partner closely with Application Security Testers to measure control effectiveness and identify gaps.

• Ensure alignment with regulatory frameworks and industry best practices including HIPAA, PCI, NIST, and others.

What You Bring

Required:

• Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).

• 12+ years of cybersecurity experience with 4+ years specifically in application security and threat modeling.

• 2+ years working in Agile environments, writing user stories including security acceptance criteria.

• Proficiency in scripting languages (Python, PowerShell, Ruby) to automate security processes, with a focus on container and build pipeline automation.

• Strong understanding of API, web application, and container security vulnerabilities.

• Experience in Microsoft technology stack (.NET and related).

• Excellent verbal and written communication skills and strong customer service orientation.

• Comfortable working cross-functionally with development, security testing, and operations teams.

Preferred:

• Hands-on experience with secure code review and application development.

• Familiarity with source code management, build/deployment pipelines, and web application firewalls.

• Knowledge of OWASP Top 10, MITRE CWE Top 25, and secure coding standards.

• Relevant certifications such as CISSP, CDP, E|CDE.

• Experience with compliance and regulatory standards such as HIPAA, PCI, CIS, HiTrust, ISO 27001, NIST.