Application Security Engineer

Boston, MA, US • Posted 7 hours ago • Updated 7 hours ago
Contract Independent
Contract W2
12 Months
No Travel Required
On-site
Depends on Experience

Job Details

Skills

  • Application Security Engineer
  • threat modeling
  • secure code reviews
  • vulnerability management
  • DevSecOps integration
  • Secure Design Reviews
  • Exploitability Analysis
  • Security Risk Management

Summary

Job Title: Application Security Engineer
Location: Boston, MA
Work Model: Hybrid/Onsite (As per Client Requirement)
Duration: 12+ Months
Experience Required: 8–12 Years


Job Summary

The Cyber Security Architecture & Engineering team is seeking an experienced Application Security Engineer to strengthen enterprise application security capabilities and support the rollout of Application Security (AppSec) tools and processes.

The ideal candidate will possess strong expertise in secure software development practices, threat modeling, secure code reviews, vulnerability management, and DevSecOps integration. This role requires close collaboration with development, architecture, and security teams to embed security throughout the Software Development Life Cycle (SDLC) and enable secure application delivery at scale.


Required Skills

Application Security (AppSec)

  • Application Security Engineering
  • Secure Software Development Lifecycle (SSDLC)
  • Secure SDLC Implementation
  • Secure Design Reviews
  • Secure Architecture Reviews
  • Threat Modeling
  • Secure Code Reviews
  • Vulnerability Assessment
  • Exploitability Analysis
  • Reachability Analysis
  • Security Risk Management

Application Security Testing

  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Software Composition Analysis (SCA)
  • Application Vulnerability Management
  • Open Source Security
  • Dependency Management

DevSecOps & CI/CD Security

  • DevSecOps
  • CI/CD Security Integration
  • Security Automation
  • Secure Build Pipelines
  • Security Gate Implementation
  • Continuous Security Validation

Programming & Development

  • Java
  • .NET
  • Python
  • Node.js
  • Software Development Practices
  • Secure Coding Standards

Cloud Security

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Cloud Security
  • Cloud-Native Security
  • Application Security in Cloud Environments

Reporting & Governance

  • Security Dashboards
  • Security Metrics Reporting
  • Risk Reporting
  • Security Program Reporting
  • Stakeholder Communication

Collaboration & Enablement

  • Developer Enablement
  • Secure Coding Training
  • Stakeholder Management
  • Cross-Functional Collaboration
  • Security Advisory Services

Key Responsibilities

Application Security Program Implementation

  • Implement and mature Application Security practices across the Software Development Life Cycle (SDLC).
  • Integrate security controls throughout application design, development, testing, and deployment processes.
  • Promote secure-by-design principles across engineering teams.

Threat Modeling & Secure Design

  • Conduct:
    • Threat Modeling Exercises
    • Secure Architecture Reviews
    • Secure Design Assessments
  • Identify potential security risks and recommend mitigation strategies.
  • Evaluate application architectures for security weaknesses and design vulnerabilities.

Secure Code Reviews

  • Perform secure code reviews across applications developed using:
    • Java
    • .NET
    • Python
    • Node.js
  • Identify security vulnerabilities and recommend remediation strategies.
  • Partner with development teams to implement secure coding practices.

Vulnerability Analysis & Management

  • Analyze vulnerabilities for:
    • Exploitability
    • Reachability
    • Business Impact
    • Risk Prioritization
  • Validate remediation activities and track vulnerability resolution.
  • Provide risk assessments and recommendations to stakeholders.

Application Security Tooling

  • Support onboarding, implementation, and rollout of Application Security tools.
  • Configure and optimize:
    • SAST Platforms
    • DAST Platforms
    • SCA Solutions
  • Integrate security testing tools into development workflows.

DevSecOps & CI/CD Integration

  • Integrate Application Security controls into CI/CD pipelines.
  • Implement automated security testing and validation processes.
  • Support secure deployment and release practices.
  • Drive adoption of DevSecOps principles and security automation.

Developer Enablement & Security Awareness

  • Enable engineering teams with:
    • Secure Coding Practices
    • Security Standards
    • Application Security Best Practices
  • Conduct security knowledge-sharing sessions and provide remediation guidance.
  • Act as a trusted security advisor to development teams.

Reporting & Metrics

  • Develop and maintain:
    • Security Dashboards
    • Vulnerability Reports
    • Security Metrics
    • Risk Reporting
    • Executive Reporting
  • Communicate security posture and remediation progress to leadership.

Collaboration & Stakeholder Management

  • Collaborate with:
    • Software Engineering Teams
    • DevOps Teams
    • Cloud Engineering Teams
    • Architecture Teams
    • Security Teams
    • Business Stakeholders
  • Drive enterprise application security initiatives and continuous improvement programs.

Required Qualifications

  • Bachelor's Degree in:
    • Computer Science
    • Information Technology
    • Cybersecurity
    • Software Engineering
    • Information Systems
    • Related Technical Discipline
  • 8–12 years of experience in:
    • Application Development
    • Application Security
    • Secure Software Engineering
    • DevSecOps
    • Security Architecture
  • Strong hands-on experience with:
    • Secure SDLC
    • Threat Modeling
    • Secure Code Reviews
    • Vulnerability Management
    • Application Security Testing
  • Experience with:
    • SAST
    • DAST
    • SCA
    • CI/CD Security Integration
    • Security Automation
  • Development experience with:
    • Java
    • .NET
    • Python
    • Node.js
  • Cloud security experience with:
    • AWS
    • Azure
  • Excellent communication, analytical, and stakeholder management skills.

Preferred Qualifications

Certifications

  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • AWS Security Specialty
  • Microsoft Azure Security Engineer Associate
  • GIAC Web Application Penetration Tester (GWAPT)

Preferred Experience

  • Enterprise Application Security Programs
  • Security Architecture and Engineering Teams
  • Financial Services or Highly Regulated Industries
  • Secure DevOps and Cloud Transformation Programs
  • Enterprise Security Tool Implementations

Key Competencies

  • Application Security Engineering
  • Secure Software Development
  • Threat Modeling
  • Secure Design Reviews
  • Vulnerability Assessment
  • DevSecOps
  • Security Automation
  • Cloud Security
  • Developer Enablement
  • Communication & Stakeholder Management
  • Problem Solving
  • Leadership & Collaboration
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10488618
  • Position Id: 9006235
Contact the job poster

Giri Prakash Menta

Recruiter @ RealTek Consulting