Senior Application Security Engineer
Cairo, Cairo, Egypt
Breadfast
Role Objective:
The Senior Security Engineer will be responsible for executing and advancing application security efforts through hands-on assessments, process improvements, secure development enablement, and cross-functional collaboration. They will act as a subject matter expert for security design and remediation, contributing to secure software delivery at scale.
Key Roles & Responsibilities:
Contribute to the design and implementation of the organization’s application security program.
Support the enforcement of secure coding practices and industry best standards.
Conduct threat modeling sessions, design reviews, and security walkthroughs with development teams.
Ensure alignment with regulatory frameworks and standards (e.g., OWASP, PCI-DSS, ISO 27001).
Perform static (SAST) and dynamic (DAST) application security testing using tools such as (Checkmarx, SonarQube, Veracode, Burp Suite)
Lead and conduct manual code reviews and penetration testing exercises as needed.
Prioritize, and guide remediation of vulnerabilities based on business risk and impact.
Assess third-party libraries, applications, and APIs for security risks and integration issues.
Embed security into CI/CD pipelines by integrating and optimizing automated security tools.
Provide architectural and design security consultation to product and engineering teams.
Drive awareness and adoption of secure coding practices among developers and DevOps.
Deliver security knowledge-sharing sessions and tailored training to technical teams.
Collaborate with cross-functional stakeholders (product, IT, compliance, engineering).
Support investigation and response to application security incidents.
Conduct root cause analysis and assist with implementing preventative controls.
Coordinate with the SecOps team on logging, detection, and monitoring enhancements.
Help define and report on security KPIs, risks, and remediations to management.
Stay informed on current threat trends, tools, and emerging AppSec methodologies.
Required Experience, Education, Knowledge, and Skills
2-5 years of experience in Application Security.
Bachelor's degree and/or master’s degree in cyber security, information security, computer engineering, computer science, or a related field.
Core Knowledge & Skills:
Web Application Penetration Testing (WAPT)
Mobile Application Penetration Testing (MAPT)
Secure Software Development Lifecycle (S-SDLC)
Threat Modelling
Secure Source Code Review (SSCR)
SecDevOps
Preferred Certifications:
EC-Council: E|CDE, C|ASE .NET, C|ASE JAVA, W|AHS
INE Security: eWPT, eWPTX, eMAPT
The SecOps Group (TSOG): CAP, CAPen, CAPenX, CMPen-Android, CMPen-iOS
GIAC: GWAPT, GMOB
Offensive Security (OS): OSWA, OSWE
Practical DevSecOps (PDSO): CDP, CDE, CTMP, CASP, CSSE
Mile2: C)SWAE
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Android APIs Application security Burp Suite C CASP+ Checkmarx CI/CD Compliance Computer Science DAST DevOps DevSecOps eWPT eWPTx GIAC GMOB GWAPT iOS ISO 27001 Java KPIs Monitoring Offensive security OSWE OWASP Pentesting SAST SDLC SecOps SonarQube Veracode Vulnerabilities
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.