Application Security Engineer

Job Title: Application Security Specialist – Invicti

Fulltime

Job Summary

We are seeking an experienced Application Security Specialist to strengthen the security posture of web applications and APIs through Dynamic Application Security Testing (DAST), automated vulnerability scanning, and continuous security testing. This role will leverage Invicti Enterprise to support scalable application security testing across the secure SDLC, including integration within CI/CD pipelines. The ideal candidate will have strong hands-on experience configuring, operating, and optimizing Invicti (Acunetix/Netsparker) or comparable DAST platforms in an enterprise environment, with demonstrated ability to validate findings, troubleshoot scan issues, and partner effectively with development teams.

1. Onboard web applications and APIs to the Invicti Enterprise platform for authenticated and unauthenticated DAST scans.
2. Configure DAST scans using pre-request scripts and custom scan settings to support complex authentication and application flows.
3. Monitor scan execution, status, and failures; troubleshoot issues related to authentication, session handling, crawl limitations, and coverage gaps
4. Analyze, validate, and triage vulnerabilities identified by Invicti, distinguishing true positives from false positives and appropriately dispositioning findings
5. Perform manual verification using Burp Suite, as needed, to reduce false positives and false negatives
6. Integrate DAST scanning into CI/CD pipelines to enable continuous security testing within DevOps workflows
7. Stay current on emerging web application and API vulnerabilities, OWASP Top 10 and API Top 10, and application security best practices

Required Skills & Qualifications

1. Strong understanding of web technologies, including HTTP/S, requests and responses, headers, cookies, and session handling
2. Hands on experience writing JavaScript for scan configuration and pre-request scripting
3. 3–5 years of hands-on experience with Invicti (Acunetix/Netsparker) or comparable enterprise DAST tools
4. Solid understanding of OWASP Top 10, CWE, and common web and API vulnerabilities
5. Experience with authentication mechanisms such as OAuth, SAML, JWT, and cookie based authentication
6. Demonstrated ability to analyze scan results and confidently distinguish valid vulnerabilities from false positives
7. Strong communication skills with the ability to collaborate effectively with developers, DevOps teams, and security stakeholders
8. 3–5 years of application security experience, with a focus on DAST and secure SDLC practices

Preferred Qualifications

1. Experience with additional security tools (e.g., Burp Suite, OWASP ZAP, Snyk, HCL AppScan, Fortify Web Inspect).
2. Scripting or programming experience (Python, Java, JavaScript, or similar languages).
3. Experience with cloud platforms (AWS, Azure, Google Cloud Platform).
4. Security certifications (e.g., CEH, GWAPT, OSCP).
5. Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI DSS).
6. Experience with CI/CD tools such as Jenkins, GitHub, or Harness.
7. Hands-on experience with web application and API security testing.