Security

Senior Application Security Engineer, CyberSecurity (Remote)

Preferable Location(s): Chandigarh, India | Delhi, India | Bengaluru, India
Work Type: Full Time
Apply Now
Senior Application Security Engineer, Cybersecurity

 

 

Job Code

 
 
FLSA Status
Exempt
Reports To Title
Director, Cybersecurity Technical Assessments
# of Direct Reports
0
Job Level
P3
Last Updated Date
6/24/2025

I. Job Summary
The Senior Application Security Engineer, Cybersecurity will serve as a key member of the Cybersecurity Technical Assessments team, providing advanced expertise in secure software development practices and application tooling.  This role is responsible for managing and optimizing the application security tool stack—including SAST, DAST, SCA, IaC scanning, and secret detection—and ensuring its effective integration into the software development lifecycle (SDLC).  The Senior Application Security Engineer will collaborate with development, engineering, and product teams to identify, triage, and remediate vulnerabilities, while also mentoring junior engineers and contributing to the evolution of secure development practices across the organization.

II. Job Competencies
Technical Proficiency:

Deep expertise in application security tooling (SAST, DAST, SCA, IaC scanning, secret scanning)

Strong understanding of secure coding principles and SDLC integration

Proficiency in scripting and programing languages (e.g., .NET, Python, JavaScript)

Analytical Skills:

Ability to analyze and validate security findings, prioritize risk, and guide remediation

Strong attention to detail in identifying false positives and systemic security gaps

Communication Skills:

Ability to clearly communicate technical issues to both technical and non-technical stakeholders

Skilled in writing documentation, reports, and presenting findings to cross-functional teams

Team Collaboration:

Experience working in Agile/DevOps environments with cross-functional teams

Ability to mentor junior engineers and lead small-scale security initiatives

Ability to work effectively with a remotely located team spanning multiple time zones

Continuous Learning:

Commitment to staying current with evolving security tools, threats, and best practices

Active pursuit of professional development and relevant certifications


III. Essential Job Functions
Manage and optimize application security tools (SAST, DAST, SCA, IaC, secret scanning) and ensure effective integration into CI/CD pipelines and the SDLC lifecycle
Analyze source code and infrastructure-as-code for security vulnerabilities and provide actionable remediation guidance
Validate and triage findings from security tools, removing false positives and ensuring accurate issue tracking
Create and manage remediation tickets (e.g., Aha! Ideas, ServiceNow Requests), ensuring vulnerabilities are prioritized, assigned, and tracked to resolution
Collaborate with development and engineering teams to validate remediation efforts and confirm closure of security issues
Participate in the risk management process by documenting, reviewing, and maintaining risk exceptions for unresolved or accepted vulnerabilities
Work with risk owners and business stakeholders to ensure appropriate compensating controls are in place and documented
Lead secure code reviews and contribute to threat modeling and design discussions for high-risk applications
Mentor junior engineers and provide technical guidance on secure development practices
Contribute to the development and refinement of secure coding standards, policies, and procedures
Develop and maintain dashboards and reports that communicate application security posture, remediation progress, and risk trends to leadership
Identify recurring security issues and propose systemic improvements to reduce future risk
Lead efforts to evaluate, pilot, and implement new application security tools and integrations that enhance automation and coverage
Continuously refine scanning configurations and policies to improve signal-to-noise ratio in findings
Stay informed on emerging threats, vulnerabilities, and industry trends, and recommend improvements to tooling and processes
Participate in the evaluation and onboarding of new security tools and technologies
Work closely with cross-functional stakeholders to analyze and troubleshoot complex production issues.
This document is not an exhaustive list of all responsibilities, skills, duties, requirements, or working conditions associated with the job. Associates may be required to perform other job-related duties as required by their supervisor, subject to reasonable accommodation.

IV. Employment Qualifications
Legally Required License / Certification (Ex: MD, RN, LPN, etc.) ONE CERTIFICATION PER FIELD

Ensemble Required License / Certification (Ex: CRCR) ONE CERTIFICATION PER FIELD
Preferred Certifications: CISSP, CSSLP, CCSP, OSWE, OSCP, GPEN, GWEB
Or other approved job relevant certification.
Desired Work Experience
Job Experience
People Leadership Experience
5 to 7 Years
NA
Desired Education
Education Level
Preferred Area of Study
Bachelor’s Degree or Equivalent Experience
Computer Science, Information Security, or a related field.
Other Preferred Knowledge, Skills and Abilities

A minimum of 5 years of experience in software development, architecture, or engineering roles

A minimum of 3-5 years of experience applying secure development practices or working directly with application security tools (e.g., SAST, DAST, SCA, IaC scanning)

Demonstrated experience leading remediation efforts and collaboration between development and security teams to address vulnerabilities

Ability to read and interpret stack traces and source code call trees to validate and triage security findings

Experience working in Agile/SCRUM environments and implementing CI/CD and DevOps practices

Proficiency in scripting languages (e.g., Python, PowerShell, Bash) to support automation and developer tooling

Experience deploying and automating security solutions in enterprise environments using AWS and/or Azure

Hands-on experience with application security platforms including SAST, DAST, SCA, IaC scanning, and secret detection tools

Proficiency in one or more programming languages such as Java, .NET (C#), PHP, JavaScript, or Python)

Working knowledge of SQL and relational database security considerations

Strong understanding of OWASP Top10 and secure coding standards

Experience with version control systems (Github, Azure DevOps, Gitlab) and CI/CD pipeline integration

Familiarity with infrastructure-as-code tools (Terraform, CloudFormation) and containerization technologies (Docker, Kubernetes)

Strong analytical and problem-solving skills, with the ability to bring structure and clarity to complex technical challenges

Familiarity with Linux and Windows operating systems and cloud-native security practices in Azure, AWS, or GCP

Ability to create scripts (PowerShell/bash)

Adherence to secure change management and deployment processes

Excellent communication skills and the ability to serve as a security ambassador across engineering and product teams

Proven ability to take ownership of complex issues and drive them to resolution with minimal oversight

Numbers of Positions:
2
 

Submit Your Application

You have successfully applied
  • You have errors in applying
Social Network and Web Links
Provide us with links to see some of your work (Git/ Dribble/ Behance/ Pinterest/ Blog/ Medium)