Senior Application Security Engineer

Model N Global Information Security team is seeking a Senior Application Security Engineer with deep expertise and a proven track record in the Application/Product Security domain.  This is the perfect opportunity if you’re passionate about security and thrive in a collaborative environment. The role requires managing and supporting the Application Security discipline, maturing the vulnerability management program, integrating security within CI/CD environments, and implementing advanced DevSecOps practices. This role is crucial in shaping our application security strategy, driving the "Shift Left" approach, and ensuring that security is embedded throughout our software development lifecycle. If you are an innovative thinker with extensive experience in application security and a passion for fostering a security-first culture, we invite you to apply.

Job Responsibilities

• Operations in Security Integration: Architect and implement advanced security measures into our CI/CD pipeline, ensuring seamless automation of security testing, vulnerability management, and compliance validation across all development phases.
• Comprehensive Threat Modeling: Lead and facilitate thorough threat modeling sessions with cross-functional teams, identifying and prioritizing potential risks and vulnerabilities during the design and development stages.
• Advanced Code Analysis: Conduct expert-level static and dynamic code analysis, providing in-depth feedback and mentorship to developers on secure coding practices, while ensuring adherence to security standards.
• Tooling Innovation: Research, evaluate, and implement state-of-the-art application security tools (SAST, DAST, SCA) to automate testing processes and enhance vulnerability reporting, ensuring that security measures evolve alongside emerging threats.
• Incident Response Excellence: Collaborate with incident response teams to analyze and mitigate security incidents, developing and refining processes to learn from incidents and strengthen defenses.
• Robust Training and Advocacy: Design and deliver comprehensive security training programs for developers and stakeholders, promoting a proactive security culture and enhancing awareness of application security best practices.
• Policy Development and Governance: Drive the creation and continuous improvement of application security policies, standards, and frameworks, ensuring alignment with industry best practices, regulatory requirements, and business objectives.
• Risk Management & Remediation: Drive the risk reduction with Products, Platforms and Infrastructure by recommending security remediation approach and participating in risk reduction planning/strategy. Continue to scale Risk Remediation program by supporting risk backlog and other opportunities to reduce risk.
• Strategic Cross-Functional Collaboration: Engage effectively with DevOps, product management, product development, project managers, cloud operations and engineering, and IT teams to ensure security is integrated into the product development process, fostering a culture of shared responsibility for security.

Job Qualification

• 7+ years of hands-on experience in application security, with significant expertise in CI/CD and DevSecOps environments.
• Mastery of leading application security tools (e.g., Checkmarx, Qualys, Burp Suite, Rapid 7, Tenable, Snyk etc.) and methodologies.
• In-depth knowledge of web application vulnerabilities (OWASP Top 10) and secure coding frameworks (e.g., OWASP ASVS).
• Proficient in containerization technologies (Docker, Kubernetes) and securing cloud environments (AWS, Azure, GCP).
• Industry-recognized certifications such as CISSP, CISM, CEH, or CSSLP are strongly preferred but not required.
• Project planning, communication, and collaboration skills, with the ability to influence and drive change across diverse teams.
• BE/BTech or equivalent in Computer Science, Information Security, or a related field; advanced degrees preferred.

At Model N, we believe our collective success stems from the uniqueness of every individual's diverse backgrounds, experiences, and expertise; we call this the N Factor. So don’t allow uncertainty to keep you from applying to join our team. If you don’t meet the exact criteria but can demonstrate your skillset is the best for the job, we’d love to talk with you. We’re curious to know, what’s your N Factor?      About Model N   Model N enables life sciences and high tech companies to drive growth and market share, minimizing revenue leakage throughout the revenue lifecycle. With deep industry expertise and solutions purpose-built for these industries, Model N delivers comprehensive visibility, insight and control over the complexities of commercial operations and compliance. Our integrated cloud solution is proven to automate pricing, incentive and contract decisions to scale business profitably and grow revenue. Model N is trusted across more than 120 countries by the world’s leading pharmaceutical, medical technology, semiconductor, and high tech companies, including Johnson & Johnson, AstraZeneca, Stryker, Seagate Technology, Broadcom and Microchip Technology. For more information, visit www.modeln.com. 
We’re constantly growing and may have something for you later on if this is not the right opportunity for you. Check out our career site to learn more about Model N or view other jobs: https://www.modeln.com/company/careers/