- Company Name
- Soni
- Job Title
- Application Cybersecurity Engineer
- Job Description
Job Title: Application Cybersecurity Engineer
Role Summary:
Senior Engineer responsible for designing, implementing, and maintaining application security programs. Leads security testing across the SDLC, manages incident response, and serves as the primary liaison to the SOC and technology leadership.
Expectations:
- Deliver a comprehensive application security strategy aligned with OWASP and NIST SSDF.
- Ensure secure development practices, vulnerability remediation, and compliance across multi‑cloud environments.
- Mentor and educate engineering teams on secure coding and threat modeling.
Key Responsibilities
- Develop and execute application security strategy in partnership with technology leadership.
- Provide security guidance for new and existing application development initiatives.
- Lead security operations, incident response, and investigations; communicate risks to senior leadership.
- Act as primary liaison to the Managed Security Operations Center (SOC).
- Identify, assess, and remediate vulnerabilities using SAST, DAST, SCA, penetration testing, and threat modeling.
- Define and enforce secure development practices aligned with OWASP and NIST SSDF.
- Oversee security tooling for source‑code scanning, secrets detection, containers, IaC, runtime protection, and APIs.
- Conduct security assessments, audits, and compliance activities.
- Educate engineering teams on secure coding and application security best practices.
- Stay current on emerging threats, trends, and technologies and recommend improvements to security posture.
Required Skills
- Proficiency in OWASP and NIST SSDF frameworks.
- Strong knowledge of application, OS, database, network, and cloud security.
- Ability to analyze vulnerabilities in Java/Spring Boot, React, Node.js, .NET Core, Python, Kafka, relational databases, etc.
- Hands‑on experience with AWS, Azure, Windows Server, Linux security.
- Experience with containerized environments, preferably Kubernetes (EKS).
- Expertise in securing APIs and modern web applications.
- Excellent analytical, problem‑solving, and communication skills.
Required Education & Certifications
- Bachelor’s degree in Cybersecurity, Computer Science, or a related field.
- Industry certifications: CISSP, CISM, or GIAC.
Preferred (optional)
- Master’s degree in Cybersecurity, Computer Science, or related field.
- Advanced certifications: CEH, OSCP, or CHFI.
- 7–10+ years total experience, 3–5+ years in application security.
- Experience with Fortify, Burp Suite, SonarCloud, Datadog, DevOps CI/CD pipeline security, IAM solutions (Okta), eCommerce platforms (Magento), GDPR/SOX compliance, threat modeling (STRIDE), vendor management, and secure design patterns.
Conshohocken, United States
On site
Junior
05-02-2026