Senior Application Security Engineer

About the role

We are looking for a Senior Application Security Engineer to strengthen the security of our platforms and Agile Release Trains. The role blends deep cyber‑security expertise with software development knowledge and requires close collaboration with product, infrastructure, and cyber‑defense teams.

Key responsibilities

• Advance the application security strategy through cross‑functional initiatives and cultural influence.
• Lead security initiatives across the SDLC, introducing scalable automation and secure‑by‑design controls.
• Conduct security requirements analysis and threat modeling early in design phases.
• Partner with product, platform engineering, development, and cyber‑defense teams to align business goals with security needs.
• Perform security architecture, design, and code reviews.
• Execute hands‑on security testing, identify risks, and drive remediation with development teams.
• Implement software supply‑chain security practices to protect code, builds, and artifacts in the CI/CD pipeline.
• Balance business and security risks with pragmatic, technically grounded recommendations.
• Translate lessons learned into reusable assets that improve the organization’s security posture.
• Mentor engineers and promote a secure‑by‑default mindset.

Required profile

• 5+ years of experience in information security and at least 2 years in software development.
• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
• One or more recognized cyber‑security certifications (e.g., CISSP, CEH, CSX, Azure Security Associate, AWS Security Specialty).
• Application security certification (e.g., CASE, CSSLP, OWSA, CWAD) is a plus.
• Proactive attitude with a track record of independently leading security initiatives.

Required skills

• Programming languages.NET, JavaScript, Python.
• Deep knowledge of enterprise, cloud, and cloud‑native architectures.
• Expertise in OWASP Top 10, OWASP SAMM, OWASP DSOMM, OWASP ASVS, OWASP MASVS.
• Threat modeling, security requirements analysis, and secure code review.
• Hands‑on security testing and software supply‑chain security in CI/CD pipelines.