Finance & FinTech
Description
5+ years in application security, including 2+ years in a senior/lead role.
Expertise in threat modeling (e.g., STRIDE, PASTA), penetration testing, and secure SDLC implementation.
Proficiency in code review for Java/Python/JavaScript and cloud platforms (AWS/Azure/GCP).
Hands-on experience building security tools (e.g., scanners, CI plugins) with Python/Go.
Proven track record in security architecture design and risk-based decision-making.
Responsibilities
Security Strategy & Leadership
Define and execute security strategy for product teams, aligning with business objectives.
Lead threat modeling, security architecture reviews, and design guidance for diverse software projects.
Mentor engineers technically and professionally, fostering a culture of security excellence.
Advanced Technical Execution
Conduct adversarial security analysis using automated tools and manual techniques (e.g., custom exploit development).
Perform manual/automated secure code reviews across Java, Python, JavaScript, and cloud-native stacks.
Develop security automation tools to scale vulnerability detection (SAST/DAST/IAST enhancements).
Risk Mitigation & Innovation
Identify complex risks through offensive security research; advocate for cutting-edge mitigation technologies.
Solve novel security problems lacking predefined solutions (e.g., zero-day vulnerabilities, emergent attack vectors).
Maintain and evolve threat models for critical applications and microservices architectures.
Collaboration & Enablement
Partner with the engineering team to embed security controls into CI/CD pipelines and development practices.
Design/deliver security training programs tailored to development teams and business stakeholders.
Lead incident response for application security events and drive root-cause analysis.