Application Security Engineer

Overview: We are seeking a highly skilled and motivated Application Security Engineer with experience in Vulnerability Disclosure Programs (VDPs), penetration testing, and secure code review. The ideal candidate will have a strong technical background in application security, a keen eye for identifying vulnerabilities, and the ability to work collaboratively across teams to enhance the overall security posture of our applications. Key Responsibilities: Design, implement, and manage VDPs to effectively identify, track, and remediate security vulnerabilities in our applications. Collaborate with internal teams and external researchers to triage and prioritize reported vulnerabilities. Develop and maintain guidelines and processes for external reporters to submit vulnerabilities responsibly. Lead the management of our bug bounty program, including engagement with the hacker community to identify potential vulnerabilities. Review and validate bug bounty submissions to ensure accuracy and relevance. Coordinate with development and security teams to ensure timely remediation of reported issues. Perform comprehensive security code reviews across various programming languages and frameworks to identify vulnerabilities and ensure adherence to security best practices. Provide actionable feedback and recommendations to development teams to enhance the security of code and applications. Collaborate with developers to build secure coding practices and integrate security tools and processes into the development lifecycle. Deploy, and maintain security tools and automation to enhance the efficiency and effectiveness of the application security program. Work closely with development, DevOps, and QA teams to integrate security into the software development lifecycle. Conduct training sessions and workshops to raise security awareness and promote secure coding practices among developers. Conduct threat modeling and security risk assessments to identify and mitigate potential security risks in application designs and architectures. Qualifications: Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience. 3+ years of experience in application security, including VDP management, penetration testing, and secure code review. Strong understanding of application security and common vulnerabilities (e.g., OWASP Top Ten, SANS Top 25). Experience with security tools such as static and dynamic analysis tools, and security testing frameworks. Familiarity with CI/CD pipelines and DevSecOps practices. Strong programming skills in one or more languages (e.g., Python, Java, JavaScript, C#, etc.). Excellent analytical and problem-solving skills with a keen attention to detail. Strong communication and collaboration skills with the ability to work effectively across different teams and departments. Relevant security certifications (e.g., OSCP, CEH, GWAPT, CSSLP) are a plus.