Application Security

Application Security (AppSec) SpecialistAbout the job Application Security (AppSec) SpecialistApplication Security (AppSec) SpecialistPosition OverviewWe are seeking an Application Security Specialist to integrate security throughout the software development lifecycle, implementing secure coding practices, managing static/dynamic application security testing, and conducting software composition analysis to ensure robust application security across our development portfolio.Key ResponsibilitiesSecure Development Lifecycle IntegrationIntegrate security controls and checkpoints throughout the SDLC from design to deploymentCollaborate with development teams to implement security requirements and threat modeling practicesEstablish secure coding standards, guidelines, and security review processesConfigure automated security testing in CI/CD pipelines and DevSecOps workflowsConduct security architecture reviews and design consultations for new applicationsStatic & Dynamic Application Security TestingDeploy and manage SAST tools (SonarQube, Veracode, Checkmarx, Fortify) for source code analysisImplement DAST solutions (OWASP ZAP, Burp Suite, Rapid7) for runtime vulnerability detectionConfigure interactive application security testing (IAST) for real-time vulnerability identificationAnalyze scan results, triage findings, and prioritize remediation based on risk assessmentDevelop custom security rules and policies for application-specific security requirementsSoftware Composition AnalysisImplement SCA tools (Snyk, Black Duck, WhiteSource) to identify vulnerable third-party componentsMonitor open source libraries and dependencies for known vulnerabilities and license complianceEstablish policies for acceptable third-party components and dependency managementAutomate vulnerability scanning for container images and package repositoriesCreate remediation workflows for outdated or vulnerable dependenciesSecurity Training & ConsultationProvide secure coding training and security awareness programs for development teamsConduct code reviews and security consultations for critical applicationsDevelop application security documentation, best practices, and remediation guidanceSupport incident response for application security breaches and vulnerability disclosuresMentor developers on security testing tools and defensive programming techniquesRequired QualificationsTechnical Skills6+ years experience in application security and secure software developmentExpert knowledge of SAST/DAST tools and application security testing methodologiesExperience with SCA tools and open source vulnerability managementUnderstanding of web application security (OWASP Top 10, API security, authentication/authorization)Proficiency in security testing frameworks and penetration testing techniquesDevelopment SkillsExperience integrating security tools into CI/CD pipelines and automated workflowsKnowledge of secure coding practices and common vulnerability patternsUnderstanding of cloud-native application security and containerized application testingExperience with threat modeling methodologies and security architecture principlesPreferred QualificationsBachelor's degree in Computer Science, Cybersecurity, or related fieldSecurity certifications (CISSP, CSSLP, CEH, GWEB, OSCP)Experience with DevSecOps practices and security automation frameworksBackground in penetration testing and manual application security assessmentsKnowledge of compliance frameworks (PCI-DSS, HIPAA, SOX) for application security #J-18808-Ljbffr