Application Security Engineer

2 weeks ago


Lahore, Punjab, Pakistan Simplex Technology Solutions Full time 1,200,000 - 3,600,000 per year

Position Impact

As an Application Security Engineer, you will be at the forefront of securing our applications and infrastructure. You will work with cross-functional teams to embed security into the software development life cycle (SDLC), reduce risk exposure, and ensure compliance with industry standards. Your expertise will directly safeguard sensitive data, protect against emerging threats, and strengthen our overall security posture.

Roles & Responsibilities

· Partner with development teams to embed security principles and practices throughout the SDLC.

· Perform code security assessments to uncover vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure APIs.

· Lead threat modeling sessions and conduct risk assessments for upcoming features and services.

· Deploy, configure, and maintain tools for both static and dynamic application security testing.

· Assess security risks and propose effective mitigation and remediation strategies.

· Ensure sensitive data (e.g., credentials, tokens, keys) remains protected during builds and deployments.

· Collaborate with teams to remediate or replace insecure third-party libraries and components.

· Support internal and external audits concerning application and infrastructure security practices.

· Strengthen CI/CD pipelines and infrastructure by enforcing secure configurations.

· Monitor and stay informed on the latest exploits, vulnerabilities, and application security trends.

· Deliver training and mentorship to developers on secure coding standards and practices.

· Develop and maintain internal playbooks, documentation, and security guidelines.

· Ensure cloud services (AWS, Azure, GCP) are deployed with secure configurations and controls.

· Review, audit, and optimize access permissions, network policies, and identity management practices.

Requirements & Qualifications

· Bachelor's/Master's in Computer Science, Cybersecurity, or related discipline.

· Minimum 5 years of experience in Application Security, Security Engineering, or DevSecOps.

· Strong knowledge of web application vulnerabilities and remediation (OWASP Top 10, CWE Top 25).

· Experience with security testing tools such as Burp Suite, OWASP ZAP, Checkmarx, Veracode, or Fortify.

· Proficiency in secure coding practices across languages (Java, Python, JavaScript, C#, etc.).

· Hands-on experience with CI/CD and security automation (Jenkins, GitLab CI, GitHub Actions).

· Cloud security expertise in AWS, Azure, or GCP (IAM, secrets management, networking).

· Familiarity with container and microservices security (Docker, Kubernetes).

· Experience with compliance standards (ISO 27001, SOC 2, PCI DSS, GDPR).

Preferred Skills

· Security certifications such as OSWE, OSCP, GWAPT, CEH, or CISSP.

· Knowledge of Infrastructure-as-Code security (Terraform, CloudFormation).

· Experience with API security testing and automation.

· Strong communication and collaboration skills to bridge technical and non-technical teams.

Microservices Architecture:

  • Develop and maintain microservices-based architectures to ensure scalability and fault tolerance.
  • Implement service-to-service communication using protocols like gRPC or message brokers (e.g., SQS, RabbitMQ).
  • Ensure proper logging, monitoring, and error handling across all services.
  • Strong understanding of AWS Lambda and other microservices-related AWS products will be a plus.

Version Control and CI/CD:

  • Utilize advanced Git branching strategies (e.g., Git Flow, Trunk-Based Development) to manage codebase changes effectively.
  • Participate in code reviews to enforce quality standards and share knowledge within the team.
  • Automate deployment pipelines using CI/CD tools to streamline releases to EC2 instances running Nginx.

API Testing and Quality Assurance:

  • Use API testing frameworks and tools like Postman, Bruno, or Insomnia to validate API functionality and performance.
  • Write automated tests for APIs, including unit tests, integration tests, and end-to-end tests.
  • Collaborate with QA engineers to identify and resolve bugs before they reach production.

Production Support and Incident Management:

  • Monitor production systems to proactively detect and address issues.
  • Troubleshoot and resolve incidents affecting live environments, ensuring minimal downtime.
  • Document root cause analyses and implement preventive measures to avoid recurrence.

Mentorship and Knowledge Sharing:

  • Mentor junior developers and provide guidance on best practices for backend development.
  • Conduct workshops or training sessions to upskill the team on emerging technologies and methodologies.
  • Contribute to internal documentation and knowledge repositories.

Required Qualifications

  • Bachelor's degree in Computer Science, Software Engineering, or a related field (or equivalent experience).
  • 10+ years of professional experience in backend development using and frameworks like NestJS.
  • Proven track record of working on large-scale, multi-client production environments.
  • Expertise in relational databases, specifically MariaDB, including schema design, query optimization, and indexing.
  • Strong understanding of microservices architecture, including inter-service communication, load balancing, and containerization.
  • Proficient in Git workflows, including advanced branching strategies and conflict resolution.
  • Familiarity with API testing tools like Postman, Bruno, or similar frameworks.

Preferred Skills

  • Experience with containerization technologies like Docker and orchestration tools like Kubernetes.
  • Knowledge of message brokers such as SQS, RabbitMQ or Redis for asynchronous processing.
  • Familiarity with observability tools like Prometheus, Grafana, or ELK Stack for monitoring and logging.
  • Demonstrated ability to apply programming principles like SOLID, IoC, and DRY in real-world projects.

