Job Description
QAD is seeking a Senior Application Security Engineer. As an Application Security Engineer, you will play a critical role in ensuring the security and integrity of our organization's applications and software systems. You will be responsible for identifying and mitigating security vulnerabilities, conducting risk assessments, and implementing robust security measures to safeguard our applications against potential threats. This role requires a deep understanding of application security best practices, emerging threats, and the ability to work collaboratively with development teams to integrate security seamlessly into the software development lifecycle.
What you’ll do:
- Conduct comprehensive security assessments and penetration testing of applications to identify vulnerabilities and risks.
- Collaborate with development teams to review code, offer guidance on secure coding practices, and assist in remediation efforts.
- Work with software architects to integrate security into application design and recommend security controls.
- Develop and maintain threat models for applications, aiding in the creation of mitigation strategies.
- Educate development teams on secure coding practices and stay informed about evolving security threats and best practices.
- Assist in investigating and responding to application-related security incidents, collaborating with the incident response team.
- Create and maintain documentation on application security policies, procedures, and guidelines.
- Generate reports on security assessments and findings.
- Coordinate with cross-functional teams to integrate security into the software development lifecycle.
- Collaborate with external security organizations and researchers to stay updated on emerging threats and vulnerabilities.
- Define secure application architectures for SaaS applications.
- Develop automated processes for SCA, DAST, and SAST.
- Integrate security testing tools into CI/CD pipelines for continuous security assessments.
Qualifications
What you'll need:
- A bachelor's degree in a relevant field such as Computer Science, Information Technology, Cybersecurity, or a related discipline.
- 3-5 years of experience in network security with a strong focus on AWS, GCP, and cloud architectures.
- Excellent written and verbal communication skills in English.
- Senior-level programming and scripting skills (Java, Python, TypeScript).
- Proven experience in application security, with a strong understanding of secure coding practices.
- In-depth knowledge of common application security vulnerabilities (OWASP Top 10) and the ability to remediate them.
- Experience with tools and techniques for vulnerability assessment, penetration testing, and code review (Veracode, Snyk, SonarQube).
- Familiarity with security standards, frameworks, and compliance requirements (SAML, OIDC, OAuth, Spring Security).
- Excellent communication and collaboration skills.
- Relevant certifications such as CISSP, CSSLP, or CEH are a plus.