Application Security (AppSec) Specialist

Paris, France


Position Overview

We are seeking an Application Security Specialist to integrate security throughout the software development lifecycle, implementing secure coding practices, managing static/dynamic application security testing, and conducting software composition analysis to ensure robust application security across our development portfolio.

Key Responsibilities

Secure Development Lifecycle Integration

  • Integrate security controls and checkpoints throughout the SDLC from design to deployment

  • Collaborate with development teams to implement security requirements and threat modeling practices

  • Establish secure coding standards, guidelines, and security review processes

  • Configure automated security testing in CI/CD pipelines and DevSecOps workflows

  • Conduct security architecture reviews and design consultations for new applications

Static & Dynamic Application Security Testing

  • Deploy and manage SAST tools (SonarQube, Veracode, Checkmarx, Fortify) for source code analysis

  • Implement DAST solutions (OWASP ZAP, Burp Suite, Rapid7) for runtime vulnerability detection

  • Configure interactive application security testing (IAST) for real-time vulnerability identification

  • Analyze scan results, triage findings, and prioritize remediation based on risk assessment

  • Develop custom security rules and policies for application-specific security requirements

Software Composition Analysis

  • Implement SCA tools (Snyk, Black Duck, WhiteSource) to identify vulnerable third-party components

  • Monitor open source libraries and dependencies for known vulnerabilities and license compliance

  • Establish policies for acceptable third-party components and dependency management

  • Automate vulnerability scanning for container images and package repositories

  • Create remediation workflows for outdated or vulnerable dependencies

Security Training & Consultation

  • Provide secure coding training and security awareness programs for development teams

  • Conduct code reviews and security consultations for critical applications

  • Develop application security documentation, best practices, and remediation guidance

  • Support incident response for application security breaches and vulnerability disclosures

  • Mentor developers on security testing tools and defensive programming techniques

Required Qualifications

Technical Skills

  • 6+ years of experience in application security and secure software development

  • Expert knowledge of SAST/DAST tools and application security testing methodologies

  • Strong programming skills in multiple languages (Java, .NET, Python, JavaScript, Go)

  • Experience with SCA tools and open source vulnerability management

  • Understanding of web application security (OWASP Top 10, API security, authentication/authorization)

  • Proficiency in security testing frameworks and penetration testing techniques

Development Skills

  • Experience integrating security tools into CI/CD pipelines and automated workflows

  • Knowledge of secure coding practices and common vulnerability patterns

  • Understanding of cloud-native application security and containerized application testing

  • Experience with threat modeling methodologies and security architecture principles

Preferred Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, or a related field

  • Security certifications (CISSP, CSSLP, CEH, GWEB, OSCP)

  • Experience with DevSecOps practices and security automation frameworks

  • Background in penetration testing and manual application security assessments

  • Knowledge of compliance frameworks (PCI-DSS, HIPAA, SOX) for application security

Category: AppSec Jobs


Region: Europe
Country: France
