Job Description
We are seeking a seasoned Application Security Specialist to lead the design and implementation of secure software development practices across our organization.
Experience: 8+ years
Responsibilities
Security Testing
Conduct Static Application Security Testing (SAST) and Software Composition Analysis (SCA)
Perform Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) for deeper analysis of vulnerabilities during runtime
Execute Mobile Application Security Testing and API Security Testing to safeguard against OWASP Security risks
Ensure applications are resilient to real-world attack vectors
Vulnerability Management and Threat Mitigation
Identify, prioritize, and remediate vulnerabilities through Vulnerability Assessments and Penetration Testing (VAPT)
Identify and mitigate vulnerabilities aligned with the latest OWASP Top 10 risks, including Injection, Broken Access Control, and Insecure Design
Assess and remediate vulnerabilities in accordance with OWASP Application Security Verification Standard (ASVS)
Use Threat Modeling to predict, identify, and mitigate potential security threats early in the development lifecycle
Provide detailed report analysis and assess the actual business and technical impact of security vulnerabilities
Generate and analyze SAST reports, delivering actionable insights to technical and business stakeholders
Implement and maintain robust vulnerability management processes
Cloud Security
Secure cloud environments hosted on AWS and Azure, adhering to CIS Benchmarks and NIST Cybersecurity Framework standards
Ensure data privacy and protection compliance with GDPR and HIPAA in cloud implementations.
Implement security controls and frameworks for cloud applications and infrastructure
Compliance and Regulations
Ensure application and infrastructure compliance with standards such as PCI DSS, HIPAA, and GDPR.
Conduct regular assessments to align with SANS Top 25 Software Errors, NIST SP 800-53, and CIS Controls.
Support the creation of secure applications that meet industry compliance and regulatory requirements
DevSecOps Integration
Embed security practices within the Secure Software Development Lifecycle (SDLC) by automating security checks and remediation
Collaborate with DevOps teams to integrate security tools and testing into the CI/CD pipelines using Jenkins and Azure DevOps
Automate security testing and monitoring to support agile development cycles
Security Architecture and Best Practices
Design secure application architectures to address OWASP Top 10 risks and API specific threats.
Advocate and enforce secure coding practices throughout the development teams
Integrate OWASP ASVS principles and Threat Modeling to enhance application security
Design and implement security architecture for web, mobile, and API applications
Leadership and Training
Lead security assessments and mentor junior team members on secure application practices.
Conduct workshops and training sessions on OWASP Top 10, PCI DSS, Secure SDLC, and other key frameworks.
Act as a subject matter expert (SME) in application security, fostering a culture of security awareness across the organization
Required Skills and Qualifications
Technical Proficiency
Legacy technologies: Java, .NET
Modern technologies: React, Node.js, Python, PHP, Ruby/Rails, Angular, etc.
CMS experience with Magento-Adobe and Avocode.
Cloud Skills
Expertise with AWS and Azure cloud platforms.
Security and Compliance Knowledge
Strong understanding of OWASP Top 10, OWASP ASVS, PCI DSS, HIPAA, GDPR, CIS Benchmarks, and NIST Cybersecurity Frameworks.
Familiarity with SANS Top 25 Software Errors and their remediation strategies
Security Testing Expertise
Proficiency in SAST, SCA, DAST, IAST, and penetration testing techniques.
Experience in Threat Modeling to proactively identify and mitigate risks.
Strong knowledge of VAPT, mobile, and API security testing
DevSecOps and SDLC Integration
Expertise in implementing Secure Software Development Lifecycle (SDLC) practices
Proficiency in integrating security tools with CI/CD pipelines using Jenkins and Azure DevOps
Soft Skills
Excellent communication skills to bridge the gap between technical and business teams
Ability to articulate technical issues to both technical and non-technical audiences
Preferred Certifications
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
GIAC Web Application Penetration Tester (GWAPT)
AWS Certified Security -- Specialty
Microsoft Certified: Azure Security Engineer Associate
Why Quali Zeal?
Award-Winning Workplace: Certified as a Great Place to Work® and recognized by ET NOW as the Best Organization for Women in 2025.
Proven Engagement: Industry-recognized client and employee Net Promoter Scores (NPS).
Growth-Focused Culture: Equal-opportunity employer with a strong emphasis on leadership development, training, and continuous learning.
Flexible & Supportive Environment: We value empathy, recognize contributions, and support work-life balance.
Transparent Leadership: Open-book management with a collaborative, inclusive approach.
Rapid Growth: 850+ professionals strong and on track to reach 3000+ employees — an exciting time to join.
About Quali Zeal:
Quali Zeal is North America's fastest-growing independent digital quality engineering services company. With a diverse portfolio of digital transformation services encompassing Quality Engineering, Digital Engineering, Advisory and Transformation, and Emerging Technology Testing, Quali Zeal empowers organizations of all sizes globally to achieve quality excellence and sustainable market leadership. Trusted by 70+ global enterprises and with a headcount of 850+ elite software quality engineers, Quali Zeal is pioneering AI-enabled Quality Engineering innovation. Quali Zeal has consistently maintained an outstanding client Net Promoter Score (NPS) of over 75, reflecting its unwavering commitment to client satisfaction and service excellence.