Application Security Engineer

CapitalSage Holdings

Software & Data

We are seeking an experienced Application Security Engineer to help design, build, and
maintain secure applications across our development lifecycle. You will work closely with
development, DevOps, and product teams to identify and mitigate security risks in our systems.
This role requires a proactive and collaborative individual with a strong understanding of secure
coding practices and application architecture.
Key Responsibilities :

• Perform threat modeling, security reviews, and code reviews for web, mobile, and
  
• API-based applications.
  
• Integrate security best practices into the SDLC, including CI/CD pipelines.
  
• Collaborate with developers to remediate vulnerabilities and improve secure coding
  
• practices.
  
• Lead efforts around vulnerability scanning, SAST, DAST, and SCA tools.
  
• Work with QA and DevOps teams to implement automated security testing.
  
• Manage and improve the bug bounty program, triaging issues reported by external
  
• researchers.
  
• Stay up to date with the latest security threats, vulnerabilities, and technology trends.
  
• Contribute to security training and awareness initiatives for developers and engineers.
  
Define and document security requirements and policies related to applications.

• 
  

Requirements

• Bachelor in Computer Science, Electrical & Engineering or any other related degree.
  
• 3+ years in an application security or related role.
  
• Strong understanding of OWASP Top 10, CWE/SANS Top 25, and other vulnerability frameworks.
  
• Experience with secure coding in one or more languages: Python, Java, JavaScript,Go, C#, etc.
  
• Hands-on experience with tools like Burp Suite, Zap, Fortify, Checkmarx, SonarQube,etc.
  
• Familiarity with cloud security (AWS, Azure, GCP).
  
• Knowledge of authentication and authorization standards (OAuth2, JWT, SAML,etc.).
  
• Experience with DevSecOps practices and CI/CD pipelines etc.).
  
• Relevant security certifications (e.g., OSCP, CSSLP, CEH, GWAPT).
  
• Hands-on experience in penetration testing or red teaming.
  
Strong communication skills — ability to clearly explain security issues to both technical and non-technical stakeholders.

<