We are looking for a highly skilled Application Security Engineer with software engineering and automation capabilities to join our security team.
The ideal candidate will have hands-on experience in application security testing, secure development practices, and building automation or tooling to improve security operations at scale.
This role is ideal for someone who can bridge the gap between security and engineering — not just identifying vulnerabilities, but also building solutions.

Key Responsibilities
Perform application security assessments across web applications, APIs, and microservices.
Conduct secure code reviews and provide actionable remediation guidance to development teams.
Identify and validate vulnerabilities including: injection flaws, authentication and authorization issues, business logic flaws, deserialization and RCE vulnerabilities.
Develop automation tools to improve vulnerability management, reporting, and analysis workflows.
Integrate security into CI/CD pipelines and DevSecOps processes.
Work closely with developers to improve secure coding practices.
Build proof-of-concept exploits where necessary to demonstrate risk.
Analyze results from SAST, DAST, SCA, and infrastructure security tools.
Contribute to internal security tooling and innovation initiatives (AI/automation encouraged).

Required Skills & Qualifications
5+ years of experience in Application Security, Security Engineering, or Penetration Testing.
Good programming skills in at least one language (Python, JavaScript, Go, or similar).
Experience with web technologies and APIs (REST, JSON, authentication mechanisms).
Solid understanding of: OWASP Top 10, modern web attack techniques, secure architecture principles.
Experience with security tools such as Burp Suite, Nessus, SAST/DAST platforms.
Familiarity with Docker / Kubernetes and modern development workflows.
Ability to automate repetitive security tasks.

Nice to Have
Experience building internal tools or security automation platforms.
Knowledge of cloud security (AWS, Azure, GCP, or similar).
DevSecOps experience integrating security into pipelines.
Experience with AI/LLM-assisted development or security analytics.
Background in software development or backend engineering.
Offensive security certifications (OSCP) – Mandatory