Application Security Engineer/Lead (DevSecOps/CI/CD Security)

Quezon City | Full-time

We are partnering with a leading technology-driven organization to hire an experienced Application Security Engineer / Lead. This role focuses on embedding security throughout the software development lifecycle (SDLC) and reducing application risk across cloud-native and containerized environments.

You will collaborate closely with engineering, DevOps, and product teams to implement scalable DevSecOps practices, integrate automated security controls into CI/CD pipelines, and promote secure-by-design principles, ensuring a strong security posture without impacting delivery speed.

Key Responsibilities
  • Integrate security practices across all phases of the SDLC, from planning to deployment, in collaboration with cross-functional teams
  • Design, implement, and manage application security testing programs, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), and Runtime Application Self-Protection (RASP)
  • Embed automated security checks and quality gates within CI/CD pipelines to ensure consistent and scalable controls
  • Perform API security assessments, including validation of authentication, authorization, input handling, and abuse scenarios
  • Conduct or coordinate penetration testing for web applications and APIs, and validate remediation efforts
  • Lead threat modeling sessions and secure design reviews for modern architectures (e.g., microservices, serverless, containerized applications)
  • Establish and manage vulnerability triage and remediation processes, including prioritization and tracking to resolution
  • Define and promote secure coding standards; provide hands-on support through code reviews and guidance
  • Support application-layer security across cloud environments, including identity management, secrets handling, and network exposure
  • Implement best practices for secrets management, configuration security, and least-privilege access
  • Develop dashboards and reporting metrics to track security coverage, remediation timelines, and overall risk trends
  • Evaluate and onboard application security tools, optimizing for performance and developer usability
  • Deliver training sessions and knowledge-sharing initiatives to improve developer security awareness
  • Participate in incident response related to application vulnerabilities, including root cause analysis and preventive improvements

Core Technical Requirements
  • Strong hands-on experience with:
      • SAST (tooling, tuning, and remediation support)
      • DAST (scan configuration, authenticated testing, and validation)
      • SCA (open-source risk management and dependency analysis)
  • Familiarity with IAST and/or runtime security testing approaches
  • Understanding of RASP or runtime protection mechanisms in production environments
  • Proven experience in API security testing, including common risks and mitigation techniques
  • Solid background in penetration testing for web applications and APIs
  • Deep understanding of common application vulnerabilities (e.g., OWASP Top 10) and secure coding practices

DevSecOps & Tooling
  • Experience working in DevOps environments with CI/CD pipelines and automated deployments
  • Proven ability to integrate security controls into development workflows without disrupting delivery
  • Hands-on experience with CI/CD platforms (e.g., pipeline configuration, build/release processes, artifact management)
  • Familiarity with Infrastructure-as-Code (IaC), pipeline templating, and policy-as-code practices

Cloud & Engineering Background
  • Experience with at least one major cloud platform (e.g., Azure, AWS, or GCP), including security fundamentals
  • Software development background with the ability to review and understand code (e.g., C#, Java, JavaScript/TypeScript, Python, Go)
  • Familiarity with modern application architectures such as microservices, containers, and serverless environments

Professional Skills
  • Ability to communicate technical risks effectively to both technical and non-technical stakeholders
  • Strong collaboration and stakeholder management skills
  • Capability to influence teams and drive security adoption in a fast-paced environment
  • Experience defining standards, processes, and measurable security outcomes (e.g., KPIs, SLAs)

Nice-to-Have Skills
  • Experience with common application security tools across SAST, DAST, and SCA categories
  • Familiarity with web application firewalls (WAF), API gateways, or service mesh security
  • Relevant security or cloud certifications

PM Consulting, Quezon City