Senior Application Security Engineer (12+ year exp required)

Mandatory Skills/Experience

• Minimum of 12 years of hands-on experience in Application Security, Vulnerability Assessments, or Penetration Testing.
• Advanced proficiency in applying OWASP Top 10 and NIST 800-53 standards.
• Practical experience operating and configuring SAST/DAST tools (e.g. AppScan, Veracode, Burp Suite).
• Proven ability to explain technical vulnerabilities to developers and provide specific, design-level remediation guidance.
• Proficiency in using CVSS (Common Vulnerability Scoring System) to correlate technical severity with business impact and data sensitivity.

Desirable skills/experience:

• Experience testing cloud-native apps (AWS/Azure/Google Cloud Platform), APIs, and microservices.
• Strong understanding of Agile/SDLC cycles to effectively coordinate with developers and project managers.
• Proficiency in manual, deep-dive testing to validate automated findings and identify complex business logic flaws.
• Background working with large, complex organizations or government/public sector environments.