Application Security Engineer

About the Opportunity

Our US-based global BPO client is seeking an Application Security Engineer to protect mission-critical systems and applications serving millions of customers worldwide. This award-winning employer has operated for over 40 years and maintains a strong commitment to employee development, diversity, and work-life balance.

You will lead efforts to secure new and existing applications by assessing risks, developing mitigation strategies, and embedding security best practices throughout the software development lifecycle.

What You'll Do

• Lead security assessments and code reviews across web, mobile, cloud, and on-premise applications.
• Guide development teams on secure coding practices and implement effective security controls.
• Conduct vulnerability scans, penetration testing, and manage remediation processes.
• Deploy and manage SAST, DAST, and IAST tools for continuous application security monitoring.
• Collaborate with DevOps teams to embed security in CI/CD pipelines.
• Evaluate threats, conduct risk assessments, and define mitigation strategies.
• Participate in cloud security reviews across AWS, Azure, and GCP and recommend improvements.
• Deliver security training to developers and internal teams.
• Maintain documentation on architecture, incident response, and security procedures.
• Serve as a security advisor across global business units.
• Communicate findings clearly to both technical and non-technical stakeholders across cultures.

What You Bring

• Bachelor's degree in Computer Science, Information Security, or related field.
• 3+ years of experience in application security covering both cloud and on-premise environments.
• Hands-on experience with penetration testing, risk assessments, and vulnerability management.
• Solid understanding of OWASP Top 10 vulnerabilities and mitigation strategies.
• Proficiency in scripting or programming using Python, Java, or C#.
• Familiarity with security testing tools and major cloud platforms (AWS, Azure, GCP).
• Excellent communication skills with experience collaborating across global, cross-functional teams.
• Certifications such as CISSP, CSSLP, or CEH are a plus but not required.

NIST NICE Framework Skills Profile

This role aligns with the NICE Cybersecurity Workforce Framework v2.1.0 competency areas. Qualified candidates will demonstrate proficiency in the following knowledge, skills, and abilities:

Knowledge Areas

• K0004 – Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
• K0005 – Knowledge of cyber threats and vulnerabilities.
• K0009 – Knowledge of application vulnerabilities.
• K0039 – Knowledge of cybersecurity and privacy principles and methods that apply to software development.
• K0070 – Knowledge of system and application security threats and vulnerabilities including buffer overflow, mobile code, cross-site scripting, and SQL injection.
• K0342 – Knowledge of penetration testing principles, tools, and techniques.
• K0624 – Knowledge of application security risks (e.g., Open Web Application Security Project Top 10 list).

Skills

• S0001 – Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• S0022 – Skill in designing countermeasures to identified security risks.
• S0027 – Skill in determining how a security system should work and how changes in conditions, operations, or the environment will affect these outcomes.
• S0060 – Skill in writing code in a currently supported programming language (e.g., Python, Java).
• S0137 – Skill in conducting application vulnerability assessments.
• S0167 – Skill in recognizing vulnerabilities in security systems.
• S0174 – Skill in using code analysis tools.

Abilities

• A0007 – Ability to tailor code analysis for application-specific concerns.
• A0021 – Ability to use and understand complex mathematical concepts.
• A0123 – Ability to apply cybersecurity and privacy principles to organizational requirements.

What's Offered

• Competitive compensation package with performance bonus opportunities.
• Comprehensive benefits including healthcare and paid time off.
• Tuition reimbursement program.
• Supportive environment for career and professional development.
• Inclusive culture with employee resource groups and community involvement.
• Global team of lifelong learners guided by strong company values.