Application security Engineer
Role details
Job location
Tech stack
Job description
Design and implement application security controls across the SDLC. Perform security assessments for web, mobile, APIs, and AI/GenAI applications. Conduct penetration testing to identify and remediate application vulnerabilities. Perform secure code reviews and recommend remediation strategies. Utilize SAST and DAST tools to identify security flaws in applications. Evaluate AI/LLM applications for prompt injection, data leakage, insecure output handling, model abuse, and other AI-specific threats. Collaborate with development teams to integrate secure coding practices and DevSecOps principles. Conduct threat modeling and risk assessments for new applications and services. Validate vulnerability fixes through security testing and re-assessments. Develop and maintain application security standards, policies, and best practices. Work closely with development, infrastructure, cloud, and DevOps teams to improve the organization''s security posture. Support security incident investigations involving application vulnerabilities. Stay current with emerging cybersecurity threats, AI security trends, and industry best practices.
Requirements
5+ years of experience in Application Security (AppSec). Hands-on experience securing AI/Generative AI (GenAI) applications. Strong experience performing Penetration Testing of web applications, APIs, and cloud-hosted services. Deep understanding of OWASP Top 10, OWASP ASVS, and secure coding standards. Experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Experience performing threat modeling and secure design reviews.