Application Security Engineer

FirstPRO is seeking a Application Security Engineer who will play a key role in strengthening the security posture of our applications, platforms, and software development lifecycle. This role partners closely with software engineering, DevOps, and cybersecurity teams to embed security best practices throughout design, development, deployment, and operations., * Act as a key security liaison between Cybersecurity and Software Development teams, ensuring security is integrated across the SDLC

• Perform application security assessments, including code reviews, API testing, threat modeling, vulnerability assessments, and penetration testing
• Define, document, and enforce secure coding standards and best practices
• Integrate and manage application security tools within CI/CD pipelines (SAST, DAST, SCA, IaC scanning, and container security tools)
• Support secure architecture and design reviews for cloud-native, microservices, and containerized applications
• Conduct and contribute to threat modeling and security risk assessments
• Ensure application security practices align with regulatory and industry frameworks (e.g., NIST CSF, ISO 27001, IEC 62443)
• Develop and deliver security awareness and secure coding training for development teams
• Monitor, triage, and respond to application security vulnerabilities and incidents
• Stay current on emerging threats, vulnerabilities, and industry trends, incorporating threat intelligence into security practices
• Manage relationships with third-party security vendors and consultants
• Perform additional duties as assigned

Do you have experience in Vulnerability management?, Do you have a Bachelor's degree?, * Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field

• 5+ years of experience in Information Security, with at least 3 years focused on Application Security, Secure Development, or DevSecOps
• Proven experience contributing to or leading an Application Security program
• Strong understanding of OWASP Top 10, OWASP ASVS, SANS Top 25, and secure SDLC principles
• Hands-on experience with AppSec tools such as Burp Suite, Fortify, Checkmarx, Veracode, and OWASP ZAP
• Experience with threat modeling, penetration testing, secure architecture design, and vulnerability management
• Experience securing cloud environments (AWS or Azure) and implementing cloud-native security controls
• Familiarity with Kubernetes security, container hardening, and runtime security practices
• Strong communication skills with the ability to influence both technical and non-technical stakeholders
• Active passport and willingness to travel internationally

Preferred

• Certifications such as CISSP, CSSLP, OSCP, GWAPT, CEH, or GIAC Cloud Security certifications
• Experience securing embedded systems and/or mobile applications

$120,000 - $140,000 a year - Permanent, Full-time, Pulled from the full job description

• Health insurance
• Vision insurance
• Dental insurance, * Dental insurance
• Health insurance
• Vision insurance