Application Security Engineer at CredPal

Purpose Statement

We are looking for a skilled Application Security Engineer to join our team and contribute to the safeguarding of our digital assets. As an Application Security Engineer, your purpose is to fortify our systems against cyber threats, ensuring the integrity and confidentiality of our applications. Join us in the mission to build and maintain a secure digital environment, protecting our organization and user data from potential vulnerabilities and attacks.

Responsibilities

• Conduct thorough assessments of the application code and infrastructure to identify potential vulnerabilities.
• Collaborate with development teams to integrate security measures into the application architecture, ensuring robust protection.
• Perform regular and systematic reviews of application code for security flaws and adherence to secure coding practices.
• Conduct penetration testing to simulate real-world attacks and identify weaknesses in application security defenses.
• Oversee and manage security tools and technologies used for application security testing and monitoring.
• Develop and implement incident response plans to address security incidents promptly and effectively.
• Provide training to development teams on secure coding practices and emerging security threats.
• Ensure applications adhere to industry standards and regulatory requirements related to security.
• Create and maintain documentation related to security policies, procedures, and best practices for applications.
• Implement continuous monitoring solutions to detect and respond to security events in real-time, ensuring proactive threat mitigation.

Preferred Qualifications and Requirements

• Bachelor’s in Computer Science, Information Security, or a related field.
• A minimum of 3 years of professional experience in application security engineering in financial institutions or FinTech.
• Industry-recognized certifications such as CISSP, CEH, or CSSLP are highly desirable.
• Proficiency in at least one programming language is necessary for in-depth code analysis.
• Familiarity with application security tools such as SAST, DAST, and RASP.
• Experience in threat modeling to assess and mitigate potential risks in application architecture.
• Strong understanding of Secure Software Development Life Cycle (SDLC) practices.
• In-depth knowledge of web application technologies, frameworks, and protocols.
• Familiarity with security standards and frameworks such as OWASP, NIST, or ISO 27001.
• Excellent verbal and written communication skills for effective collaboration and documentation.
• Willing to resume immediately.