Application Security Engineer (AppSec)

Zenus Bank, Río Piedras, PR
10d, Hybrid

About The Position

The Application Security Engineer (AppSec) is responsible for ensuring the security of applications, APIs, and software components throughout the software development lifecycle. Operating within the SecOps domain and reporting to the Information Security Officer (ISO), the AppSec role focuses on secure design, code-level security, vulnerability identification, and controlled offensive testing, ensuring that applications meet organizational security standards before and after deployment. This role owns what is built securely, not cloud platform configuration or CI/CD automation. This position is hybrid, requiring on-site presence on a schedule of 3 days on-site and 2 days remote.

Requirements

  • 3+ years of experience in application security, secure software development, or ethical hacking.
  • Strong knowledge of secure coding principles and common application vulnerabilities.
  • Hands-on experience with SAST, DAST, and SCA tools.
  • Experience performing manual application and API penetration testing.
  • Familiarity with REST APIs, authentication mechanisms, and authorization models.
  • Understanding of CI/CD pipelines from a security testing perspective.
  • Strong documentation and vulnerability reporting skills.

Responsibilities

  • Perform application security testing, including SAST, SCA, and DAST analysis.
  • Execute internal manual penetration testing of applications and APIs on a quarterly basis, within approved scope.
  • Conduct threat modeling for new applications and significant changes.
  • Identify, analyze, and document application-level vulnerabilities and security weaknesses.
  • Work directly with development teams to support secure remediation and secure coding practices.
  • Define and maintain secure coding standards aligned with OWASP Top 10 and OWASP API Top 10.
  • Validate that security findings are properly remediated before release.
  • Maintain vulnerability tracking and reporting in Archer or approved systems.
  • Support ISO during audits and security assessments by providing application security evidence.