Application Security Engineer

Role: Application Security Engineer

Position Type: Full-Time Contract (40hrs/week)

Contract Duration: Long Term

Work Schedule: 8 hours/day (Mon-Fri)

Work Hours: IST

Location: 100% Remote

We’re seeking a proactive Application Security Engineer to secure applications across the SDLC and embed DevSecOps practices into engineering workflows. This role is ideal for someone with a strong software development background who has moved into Application Security.

Key Responsibilities:

• Perform manual and automated security testing (web, mobile, cloud apps)

Interested in remote work opportunities in Cyber Security? Discover Cyber Security Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

• Embed security into SDLC through DevSecOps practices
• Conduct secure code reviews, threat modeling, and risk assessments
• Implement and manage SAST, DAST, SCA, IAST tools
• Integrate application security tools into CI/CD pipelines
• Monitor, triage, and remediate application-layer vulnerabilities
• Lead application security incident response
• Partner with engineering, QA, and Dev teams to validate fixes
• Drive developer security training and promote a security-first culture

Requirements:

• 4–10 years of experience (minimum 3+ years in Application Security)
• Strong software development background
• Experience with web technologies (JavaScript, Python, REST APIs, etc.)
• Knowledge of OWASP Top 10, SANS Top 25, CWE, CVE
• Experience securing applications in AWS, Azure, or GCP
• Strong collaboration and communication skills

Nice to Have:

• Certifications: OSCP, CSSLP, GWAPT, CEH
• CI/CD and container security
• Familiarity with SOC 2, ISO 27001, PCI DSS