- Company Name
- Sardine
- Job Title
- Senior Application Security Engineer
- Job Description
-
Job title: Senior Application Security Engineer
Role Summary: Lead security integration across the Software Development Lifecycle (SDLC) for web, mobile, and API services, ensuring robust protection against emerging threats through proactive code analysis, threat modeling, and incident response.
Expectations:
• Deliver comprehensive application security assessments and remediation guidance.
• Embed security controls into CI/CD pipelines and development workflows.
• Drive a security‑first culture among engineering and product teams.
• Respond to and triage security incidents related to application vulnerabilities.
Key Responsibilities:
• Perform code reviews, vulnerability assessments, and penetration tests on web, mobile, and API applications.
• Integrate and manage SAST, DAST, IAST, and SCA tools within CI/CD pipelines.
• Lead threat modeling for new features and services to identify design‑phase risks.
• Triage, validate, and prioritize vulnerabilities from automated tools, manual testing, and bug bounty programs.
• Collaborate with engineering and product teams to design secure solutions and advise on remediation strategies.
• Develop and maintain security standards, best practices, and documentation for developers.
• Deliver security training and awareness programs for development teams.
• Automate security testing workflows through custom scripts and tooling.
• Assist in incident response for application security events.
Required Skills:
• 7+ years in application, product, or offensive security.
• Deep knowledge of OWASP Top 10 vulnerabilities and mitigations (XSS, SQLi, CSRF, deserialization).
• Proficient in code audit for Python, Go, or JavaScript/TypeScript.
• Hands‑on experience with SAST, DAST, IAST, and SCA tools.
• Understanding of security in cloud (GCP & AWS) and container environments (Docker, Kubernetes).
• Proven experience integrating security into SDLC stages.
• Strong analytical, problem‑solving, and incident‑response abilities.
• Excellent communication skills for technical and non‑technical stakeholders.
Required Education & Certifications:
• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
• Professional security certifications (e.g., CISSP, CEH, OSCP, or comparable) are preferred.