Application Security Engineer

about 5 hours ago

Delhi, IndiaMid Level / Senior

H1B Sponsor

Responsibilities

Own and operate static, dynamic, and software composition analysis scanning platforms across all engineering pipelines.
Build and maintain CI/CD security gates that enforce scan policies at various stages.
Write custom detection rules tailored to the organization's tech stack and threat model.
Triage and prioritize scan findings with a focus on actual exploitability.
Develop automation to ticket, deduplicate, and route findings to engineering teams.
Integrate dynamic scanning into pre-production environments.
Partner with engineering teams on remediation efforts.
Support software composition analysis and dependency security programs.
Contribute to the security champions program to educate developers.
Run structured evaluations of new tooling and drive buy vs build decisions.

5-7 years in application security, DevSecOps, or a security engineering role with a tooling focus.
Strong foundational knowledge of web application vulnerabilities at a technical level.
Ability to read a scan finding and reason about its exploitability in context.
Hands-on experience deploying and tuning SAST platforms.
Experience integrating security tooling into CI/CD pipelines.
Proficiency in at least one scripting language, preferably Python or Go.
Experience with DAST tooling in authenticated scan configurations.
Familiarity with SCA concepts and dependency graphs.
Ability to read and reason about code across multiple languages.