Application Security Engineer

2-4 years of experience in Application Security, Product Security, or a development role with a strong security focus. Strong knowledge of OWASP Top 10 (Web), OWASP API Security Top 10, and secure development practices. Hands-on experience with SAST, DAST, and SCA tools such as Checkmarx, SonarQube, Veracode, Semgrep, or Snyk; ability to triage and prioritize findings from automated security scanners. Experience integrating security tooling into CI/CD pipelines (GitHub Actions, GitLab CI, or Jenkins) and familiarity with shift-left security principles. Working knowledge of cloud environments (AWS, Azure, or GCP) including IAM, secrets management, and network security controls. Proficiency in Python, Bash, or PowerShell for automating security checks and workflows. Ability to write or review code from a security perspective across common languages such as Java, Python, or JavaScript. Experience conducting secure code reviews and participating in design review sessions. Basic understanding of container and Kubernetes security concepts. Familiarity with vulnerability scoring (CVSS) and vulnerability management processes. Understanding of MITRE ATT&CK framework and the Cyber Kill Chain. Certifications preferred: OSWE, CWEE, CDP, CDE, or equivalent.