Application Security Engineer (AppSec)
About the Role
You will ensure the security of applications, APIs and software components throughout the software development lifecycle. You will perform automated and manual security testing (SAST, DAST, SCA), run internal application and API penetration tests, and perform threat modeling for new applications and significant changes. You will identify, document and track vulnerabilities, validate remediations before release, and work directly with development teams to support secure coding practices and maintain secure coding standards. You will also prepare application security evidence and support audits and security assessments.
Requirements
- 3+ years of experience in application security, secure software development or ethical hacking
- Strong knowledge of secure coding principles and common application vulnerabilities
- Hands-on experience with SAST, DAST and SCA tools
- Experience performing manual application and API penetration testing
- Familiarity with REST APIs, authentication mechanisms and authorization models
- Understanding of CI/CD pipelines from a security testing perspective
- Strong documentation and vulnerability reporting skills
Responsibilities
- Perform application security testing including SAST, SCA and DAST analysis
- Execute internal manual penetration testing of applications and APIs within approved scope
- Conduct threat modeling for new applications and significant changes
- Identify, analyze and document application-level vulnerabilities and security weaknesses
- Work directly with development teams to support remediation and secure coding practices
- Define and maintain secure coding standards aligned with OWASP Top 10 and OWASP API Top 10
- Validate that security findings are properly remediated before release
- Maintain vulnerability tracking and reporting in Archer or approved systems
- Support the Information Security Officer during audits and security assessments by providing application security evidence