Application Security Engineer

Role: Application Security Engineer

Position Type: Full-Time Contract (40hrs/week)

Contract Duration: 12 Months

Work Hours: IST

Work Schedule: 8 hours/day (Mon-Fri)

Location: 100% Remote

We are looking for a skilled Application Security Engineer to join our Information Security team and support the security of modern web applications and services. This role focuses on integrating security into the SDLC, automating security testing, and partnering closely with engineering teams to identify and remediate application-layer risks.

Key Responsibilities

• Support and enhance security test automation within CI/CD pipelines (GitHub).
• Perform application security testing using SAST, SCA, and DAST tools.
• Collaborate with engineering teams to review findings and provide remediation guidance.
• Assist in defining and enforcing application security requirements.
• Support protection of external-facing applications using Web Application Firewall (WAF) technologies.
• Analyze application code from a security perspective to identify OWASP Top 10 vulnerabilities.
• Partner with internal stakeholders to drive secure design and implementation.

Required Qualifications

• 3+ years of hands-on experience in Application Security / Information Security.
• 3+ years of experience securing web applications and web services.
• Strong experience with SAST, SCA, and DAST tools.
• Proficiency in at least one programming language: Python, C#, or JavaScript.
• Solid understanding of authentication and authorization (OAuth, SAML, Basic Auth).
• Knowledge of cryptographic concepts such as TLS, IPSEC, and data-at-rest encryption.
• Ability to read and understand application code to identify security weaknesses.

Nice to Have

• Experience integrating security tools into CI/CD pipelines.
• Familiarity with WAF technologies.
• Experience working in Agile or DevSecOps environments.