Senior Application Security Engineer - W2 Role

  • Dallas, TX
  • Posted 1 day ago | Updated 1 day ago

Overview

Hybrid
Depends on Experience
Accepts corp to corp applications
Contract - W2
Contract - 12 Month(s)

Skills

Security
SAST
DAST

Job Details

Hi,

This is Viswanath from Saksoft.

I have an exciting opportunity as a Senior Application Security Engineer with one of our clients. If you are interested in this opportunity, please share your updated Resume to proceed further.

Job Title: Senior Application Security Engineer

Location: Dallas, TX

Hire Type: Contract

Duration: 6-12 months

Job Description

Key Responsibilities
Ability to identify, triage, and remediate issues such as injection flaws, insecure deserialization, and misconfigurations.
Integrate and manage SAST and DAST tools within CI/CD pipelines.
Collaborate with development teams to remediate vulnerabilities and enforce secure coding standards.
Design and implement guardrails for AI-powered applications, mitigating risks like prompt injection, model inversion, and data poisoning.
Develop and maintain security policies, procedures, and documentation.
Conduct security assessments and provide actionable recommendations.
Analyze complex problems and implement effective solutions or workarounds.
Mentor junior engineers and promote security awareness across teams.
Build and maintain CI/CD pipelines using tools like CloudBees, Jenkins, Buddy, UrbanCode, etc.
Develop automation solutions using Python, Java, or PowerShell.
Work with APIs, endpoints, and databases to develop integrated security solutions.
Use IDEs such as Visual Studio, Visual Studio Code, Eclipse for secure development and debugging.
Implement and manage GitHub Advanced Security features including code scanning, secret scanning, and Dependabot.
Apply extensive experience working with DevOps tools such as GitHub, including workflows, actions, and advanced workflow automation.

Understand and remediate security vulnerabilities across multiple programming languages.
Work with Azure Resource Manager (ARM) and scripting tools including PowerShell, Azure CLI, JavaScript, Shell scripts, Python, or similar.
Collaborate within an Agile team environment using Azure DevOps.
Familiarity with OWASP Dependency-Check and similar tools to manage third-party risks.
________________________________________
Required Qualifications
Minimum 8 years of experience in application security or software engineering with a security focus.
Strong programming skills in one or more languages (e.g., Python, Java, JavaScript, C#).
At least 3 years of experience developing automation solutions using Python, Java, or PowerShell.
________________________________________
Preferred Qualifications
Hands-on experience with SAST and DAST tools (e.g., Veracode, GitHub).
Deep understanding of security vulnerabilities in multiple programming languages (e.g., Python, Java, JavaScript, C#).
Solid understanding of OWASP Top 10 and familiarity with SANS Top 25 vulnerabilities.
Experience with AI security concepts and mitigation strategies.
CompTIA Security+ certification or equivalent.
Experience with cloud-native security (AWS, Azure, Google Cloud Platform).
Experience developing solutions that combine data from APIs, endpoints, and databases.
Outstanding communication and strong analytical skills.
Ability to function effectively in a globally diverse work environment.
Clearly communicates risks, solutions, and security posture to technical and non-technical stakeholders.
Experience with GenAI risk mitigation (e.g., prompt injection, data leakage).
Knowledge of container security and infrastructure-as-code scanning.
Certifications such as CISSP, OSCP, or GIAC are a plus.

Skills

Mandatory Skills: Estimation; Application Security - Microfocus Fortify-SCA and SAST; Application Security - Microfocus Fortify DAST; Network PT; Attack Surface Management; Breach Attack Simulation; Red Teaming; Mobile Security - MAST Tool Implementation / Dynamic Analysis (Penetration Testing) / Static Analysis (Static Code Analysis) / Remediation Advisory / Tool Selection; Architectural diagrams; Application Security - Black Duck / Sonatype IQ; Application Security - Burp Suite; Application Security - Checkmarx / Synopsys / Veracode; Application Security - Rapid 7 (InsightAppSec); Application Security (application security framework / threat modelling / Secure SDLC / DevSecOps / Application Security Architecture Review); Application Security DAST & Penetration Testing - review / Implementation / Scanning / Secure Code Review / OWASP / Remediation Advisor / Secure SDLC; Application Security SAST & SCA Tool - review / Implementation / Scanning / Secure Code Review / OWASP / Remediation Advisory / Secure SDLC; Application Security SAST and IAST - Checkmarx; Architecture Assessment; Architecture Governance; Capacity Planning; Compliance Evaluation; Cost Benefit Analysis Method; DevSecOps / AppSec Automation / AppSec Maturity Program; DevSecOps automation - Jenkins, Ansible, Terraform, GitLab; Infra Vulnerability Management - Qualys; Infra Vulnerability Management - Rapid 7; Infra Vulnerability Management - Tenable IO; Infra Vulnerability Management - Tenable Nessus, SC, CS; Infra Vulnerability Management / Triaging / Remediation Advisory / ServiceNow / ITSM / CMDB; Metasploit; Red Teaming - FireCompass; BaS - Cymulate; PT - Horizon3; PT - VA / Discovery / Enumeration / Reconnaissance / Scanning / Manual / Exploitation / Analysis / Reporting / Zero Day / corrective action / Strategy; PT - Network PT / Red Teaming (Internal and External) / Attack surface management / Breach Attack Simulation / MITRE ATT&CK - Discovery / Enumeration / Reconnaissance / Scanning / Manual / Exploitation / Analysis / Reporting / Zero Day / corrective action / Strategy; Application Security - Microfocus Fortify

Thanks & Regards

Viswanath Dulam

Senior Executive- Recruitment


Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.