Senior Application Security Engineer

Key Responsibilities: Penetration Testing & Vulnerability Assessment : Perform manual and automated penetration testing of web applications, mobile applications, APIs, and other software assets to identify security weaknesses and vulnerabilities. Threat Modeling & Risk Analysis : Collaborate with teams to perform threat modeling and risk assessments for new applications, services, and features. Vulnerability Reporting & Remediation : Provide detailed and actionable vulnerability reports, including risk ratings, proof-of-concept exploits, and mitigation strategies. Guide development teams in remediating discovered vulnerabilities. Security Audits & Code Reviews : Conduct security audits, static code analysis, and dynamic application security testing (DAST) to identify vulnerabilities at the code level and in running applications. Security Tools & Automation : Utilize and configure automated security testing tools (e.g., Burp Suite, OWASP ZAP, etc.) to assist in identifying vulnerabilities in both custom and third-party applications. Security Training & Awareness : Educate and train developers, QA engineers, and other stakeholders on secure coding practices, application security best practices, and threat mitigation strategies. Continuous Improvement : Stay up to date on the latest security vulnerabilities, attack vectors, and tools to continuously improve the organization’s security posture. Collaboration : Work closely with development, QA, and IT teams to embed security into the software development lifecycle (SDLC) through proactive threat intelligence and security testing. Incident Response Support : Assist in incident response activities by investigating and analyzing security breaches related to applications and providing actionable insights.