You will own application security engineering functions across the software development lifecycle.
Responsibilities
- Plan, execute, and document manual and tool-assisted penetration tests against web apps and REST/GraphQL/gRPC APIs.
- Facilitate threat-modeling sessions using STRIDE or attack-tree methods for new or modified services.
- Champion secure-by-default patterns across the SDLC, including least privilege and IaC hardening.
- Produce risk artifacts, recommend mitigations, and track the closure of security findings.
- Contribute to internal security tooling and CI/CD guardrails.
Required Skills
- 4+ years in product or application security engineering with hands-on web/API penetration testing experience.
- Expertise with a leading penetration testing platform (e.g., Burp Suite Pro, OWASP ZAP).
- Scripting and automation ability in Python, Go, or similar languages.
- Practical experience with STRIDE or comparable threat-model frameworks.
- Familiarity with cloud-native environments, including microservice architectures and Kubernetes.
- Bachelor's degree in Computer Science, Engineering, or equivalent practical experience.
- Exceptional written and verbal communication skills for technical and non-technical audiences.
Preferred Skills
- Offensive-security certifications (OSCP, OSWE, OSWA, BSCP).
- Secure-coding experience in Java, Node.js, C#, Python, or Rust.
- Experience with security controls for AWS, Azure, or Google Cloud.