Senior Application Security Engineer

BS degree or equivalent years of experience and 8+ years of related experience in application security, DevSecOps, and cloud security.
Expertise in secure software development, penetration testing, and vulnerability management.
Expertise in code review (C#, Java, JavaScript, or similar).
Familiarity with writing in scripting languages (Python, Bash, Go, or similar) for automation.
Experience securing Kubernetes and containerized applications (e.g., Docker, Helm, Istio).
Hands-on knowledge of AWS, Azure, or GCP security, including IAM, networking, and compliance frameworks.
Proficiency in security automation and tooling (e.g., SAST, DAST, IaC scanning, secrets management, SIEM, WAFs).
Experience with modern CI/CD tools (e.g., GitHub Actions, GitLab CI/CD, Jenkins, ArgoCD) and security integrations.
Understanding of identity and access management, API security, and authentication mechanisms.
Knowledge of infrastructure-as-code (IaC) security (e.g., Terraform, AWS CloudFormation, Pulumi).

Conduct security assessments, including threat modeling, code reviews, and penetration testing.
Develop and integrate security automation within CI/CD pipelines for secure software delivery.
Develop security best practices for Kubernetes, containerized applications, and cloud environments.
Collaborate with DevOps and engineering teams to implement secure-by-design principles and enhance security observability.
Evaluate and deploy security tools for vulnerability management, secrets management, and runtime protection.
Provide mentorship and guidance to developers on secure coding practices and security awareness.
Perform security architecture reviews and risk assessments for applications and cloud services.
Investigate security incidents, perform root cause analysis, and recommend remediation strategies.
Stay up-to-date with emerging threats, vulnerabilities, and security technologies to proactively mitigate risks.

No preferred qualifications provided.