Application Security Engineer

Description:

Senior - 10+ yrs

• Implement, operate, and optimize Web Application Firewalls (WAF) and API security solutions to safeguard applications against OWASP Top 10 and emerging threats.
• Design, enforce, and monitor application-level encryption, secure coding practices, and key management controls to protect sensitive data.
• Collaborate with development, DevOps, and product teams to integrate security controls into the software development lifecycle (SDLC) and CI/CD pipelines.
• Perform threat modelling, application penetration testing, and code reviews to proactively identify and remediate vulnerabilities.
• Deploy and manage application-layer DDoS protection, bot management, and API rate-limiting strategies.
• Establish and enforce policies for secure authentication, authorization, and session management in web and mobile applications.
• Align application security initiatives with compliance standards (e.g., PCI DSS, DESC) and organizational risk management objectives.