Application Security Engineer / Senior AppSec Engineer
SRM Technologies
1d ago
United States
Tags: Technology, Application Security, DevSecOps, Cybersecurity, Security Engineering, Senior
Job Description
This is a remote position. We are seeking a skilled Application Security Engineer to drive secure development practices and manage end-to-end application security testing, vulnerability management, and DevSecOps integration. The role requires hands-on experience in SAST/DAST tools, vulnerability scanning, CI/CD security integration, and manual security testing across web and API-based applications.
Key Responsibilities
Perform application security assessments for web and API applications
Integrate security into Secure SDLC (SSDLC) and DevSecOps pipelines
Conduct threat modeling and security design reviews
Execute vulnerability scans using tools like Tenable
Analyze results from SAST, DAST, and manual testing
Document findings including severity, exploitability, reproduction steps, and remediation guidance
Integrate and maintain SAST/DAST tools within CI/CD pipelines
Perform vulnerability validation, PoC development, and false-positive analysis
Apply risk-based prioritization and track remediation to closure
Provide L2/L3 support, incident investigation, and root cause analysis (RCA)
Maintain AppSec documentation, audit evidence, and compliance reports
Track and report vulnerability metrics, scan coverage, and remediation status
Required Skills
Strong experience in Application Security (Web & API Security Testing)
Expertise in OWASP Top 10 vulnerabilities and remediation techniques
Hands-on experience with SAST tools (Checkmarx, Veracode, SonarQube)
Hands-on experience with DAST tools (Burp Suite, OWASP ZAP)
Experience with vulnerability scanning tools (Tenable preferred)
Knowledge of Secure SDLC and DevSecOps practices
Strong understanding of HTTP, REST APIs, authentication (OAuth, JWT)
Proficiency in Python / Bash / PowerShell scripting
Experience with CI/CD tools and pipeline security integration
Familiarity with JIRA / ServiceNow or similar tracking tools
Preferred Qualifications
Experience in manual penetration testing and exploit development
Exposure to red team techniques and offensive security testing
Experience in cloud environments (AWS / Azure / GCP)
Knowledge of container and microservices security (Docker, Kubernetes)
Experience supporting SOC 2, ISO 27001, or similar audits
Certifications (Preferred)
OSCP / OSWE / GWAPT / eWPT
CEH (Certified Ethical Hacker)
CISSP / CSSLP
AWS Security Specialty / Azure Security Engineer
Certified Kubernetes Security Specialist (CKS)
Soft Skills
Strong analytical and problem-solving skills
Excellent communication and collaboration with engineering teams
Ability to work in SLA-driven environments
Detail-oriented with strong documentation skills
Originally posted on Himalayas
