Application Security Engineer

About the role

The Application Security Engineer will design, implement, and operate security controls to protect the company’s systems, applications, and data. You will lead penetration testing, vulnerability assessments, and incident response activities while staying ahead of emerging cyber threats.

Key responsibilities

• Administer and enforce security policies for system and application access.
• Perform application security testing, threat modeling, and security design reviews.
• Conduct penetration tests and vulnerability assessments across applications, operating systems, and networks.
• Respond to security incidents, isolate threats, and remove unauthorized access.
• Research emerging threats, conduct root‑cause analysis, and implement technical controls to reduce cloud‑based risks.
• Collaborate with Information Security partners to advance roadmaps and integrate security testing into the development lifecycle.
• Provide management with insights on business impact related to data compromise or system unavailability.
• Work within an agile framework and participate in on‑call rotation for incident response.

Required profile

• 5–7 years of experience securing cloud environments, primarily AWS.
• Bachelor’s degree in a related field or equivalent practical experience.
• Strong organizational and time‑management skills with attention to detail.
• Proven ability to build partnerships across cross‑functional teams.
• Excellent communication skills for presenting security risks to senior leadership.
• Experience managing security vendors and service providers.
• Relevant security certifications (e.g., CISSP, GIAC).

Required skills

• AWS cloud security
• Application security testing
• Penetration testing
• Vulnerability assessment
• Threat modeling
• Incident response
• Web Application Firewall (WAF) configuration
• Software development fundamentals