Leading Fintech - Application Security Engineer

Salary
HK$720000 - HK$1200000 per annum + discretionary bonus
Location
Hong Kong
Type
Permanent
Workplace
On-site
Published
Jan 23, 2025
Ref
BBBH157648_1737604771

We are seeking a skilled and passionate Application Security Engineer to join our team. The ideal candidate will have experience implementing and integrating security scanning tools into the Software Development Life Cycle (SDLC) and conducting manual code reviews. You will work closely with developers, DevOps, and security teams to ensure secure coding practices and identify vulnerabilities in applications across various stages of development.

Key Responsibilities:

Security Integration in SDLC:

  • Integrate and maintain application security tools (e.g., SAST, DAST, SCA) into CI/CD pipelines.
  • Define and implement security gates to ensure vulnerabilities are addressed before deployment.
  • Collaborate with development teams to provide training on secure development practices and tools.

Manual Code Reviews:

  • Perform in-depth manual code reviews to identify security vulnerabilities.
  • Document findings and provide actionable recommendations for remediation.
  • Develop and maintain secure coding guidelines and standards for the organization.

Vulnerability Management:

  • Analyze and triage vulnerabilities identified by scanning tools and prioritize remediation efforts.
  • Coordinate with developers to ensure vulnerabilities are fixed in a timely manner.

Collaboration and Training:

  • Serve as the security subject matter expert (SME) for development teams.
  • Conduct regular training sessions to improve team awareness of secure coding practices and emerging threats.
  • Actively participate in architecture and design discussions to ensure security is baked into solutions.

Policy and Compliance:

  • Support compliance with relevant security standards (e.g., OWASP Top 10, CWE, PCI-DSS, GDPR, etc.).
  • Ensure code aligns with organizational security policies and industry best practices.

Threat Modeling and Risk Assessment:

  • Perform threat modeling for applications to identify risks early in the development process.
  • Assess and mitigate risks during design reviews.

Qualifications:

Required Skills and Experience:

  • Programming Languages: Expertise in secure coding and manual code review for Java, Python and JavaScript.
  • Scanning Tool Integration: Hands-on experience integrating tools like SonarQube, Snyk, Veracode, Checkmarx, Fortify, or similar into CI/CD pipelines.
  • Familiarity with dependency scanning tools like Snyk or OWASP Dependency-Check.
  • Working knowledge of static and dynamic analysis tools (SAST and DAST).
  • Strong understanding of SDLC processes and where security fits into agile workflows.
  • Deep understanding of common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25).
  • Experience with Git-based workflows and CI/CD tools such as GitHub Actions or GitLab CI.

Preferred Skills:

  • Expertise in secure coding and manual code review for TypeScript and Flutter.
  • Familiarity with container and cloud security (e.g., Docker, Kubernetes, AWS, Azure).
  • Experience with scanning tools for Infrastructure as Code (IaC) such as Terraform and CloudFormation.
  • Knowledge of secure API development and testing (e.g., GraphQL, REST, WebSockets).
  • Certification(s) such as OSCP, CISSP, CEH, or CSSLP.

© Gravitas Group 2024