Application Security Testing Engineer

Tata Consultancy Services Ltd

Seattle, WA

JOB DETAILS
SALARY
$95,000–$130,000 Per Year
SKILLS
Amazon Web Services (AWS), Analysis Skills, Application Programming Interface (API), Applications Security, Architectural Analysis, Authentication, Banking Services, Cloud Computing, Code Reviews, Communication Skills, Computer Science, Computer Security, Continuous Deployment/Delivery, Continuous Integration, DevOps, Enterprise Protection, Financial Services, Information/Data Security (InfoSec), Microservices, Microsoft Windows Azure, OAuth, OpenID, Penetration Testing, Problem Solving Skills, Quality Assurance Methodology, Regulatory Requirements, Risk, Risk Analysis, Root Cause Analysis, Security Analysis, Security Assertion Markup Language (SAML), Software Engineering, Software Testing, Splunk, Team Player, Test Tools, Testing, Threat Modeling, Threat and risk analysis (TRA), Vulnerability Scanners
LOCATION
Seattle, WA
POSTED
30+ days ago

Application Security Testing Engineer

Must Have Technical/Functional Skills

Primary Skill: Application security testing engineer
Secondary: Communication

Experience: 7 to 10+ years

Roles & Responsibilities

We are seeking a hands-on Application Security Engineer with strong experience in security testing, vulnerability assessment, and ethical (white-hat) security practices. The ideal candidate is proactive, has excellent problem-solving skills, and can identify, analyze, and remediate security risks across enterprise web and API-based applications. Banking or financial services experience is strongly preferred, along with a solid understanding of authentication and authorization flows.

Key Responsibilities

• Perform application security testing including SAST, DAST, and IAST for web and API-based applications.
• Conduct vulnerability assessments and penetration testing using ethical/white-hat techniques.
• Analyze findings, determine risk severity, and provide clear remediation guidance to engineering teams.
• Validate fixes through re-testing and ensure vulnerabilities are fully mitigated.
• Collaborate with development, DevOps, and architecture teams to embed security-by-design practices.
• Support secure code reviews, threat modeling, and architecture risk assessments.
• Assist with incident analysis, root-cause investigations, and continuous security improvements.
• Stay current with emerging threats, OWASP Top 10, and evolving attack vectors.

Must-Have Skills

• Strong experience in application security testing and vulnerability management.
• Hands-on expertise with ethical (white-hat) security testing techniques.
• Deep understanding of common vulnerabilities (OWASP Top 10).
• Experience performing both automated and manual security testing.
• Excellent analytical, problem-solving, and critical thinking skills.
• Ability to proactively identify risks and take end-to-end ownership of findings.
• Strong communication skills to explain security risks to technical and non-technical audiences.

Preferred / Highly Desirable Skills

• Banking or Financial Services domain experience with exposure to regulatory security requirements.
• Strong understanding of authentication and authorization flows (OAuth 2.0, OpenID Connect, SAML, JWT).
• Experience securing API-driven and microservices-based architectures.
• Familiarity with IAM concepts, RBAC/ABAC, and secure session management.
• Exposure to cloud security (AWS and/or Azure), including IAM and secrets management.
• Experience integrating security testing into CI/CD pipelines (DevSecOps).

Security Tools & Technologies

• SAST / DAST tools (e.g., Checkmarx, Fortify, Veracode, Burp Suite, OWASP ZAP).
• Vulnerability scanning and tracking tools.
• Secure code review and API security testing tools.
• Logging and monitoring platforms (e.g., Splunk) for security analysis.

Experience & Education

Experience: 7-10+ years of IT experience with a strong focus on application security.
Education: Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent experience.

Certifications (Nice-to-Have)

• CEH, GWAPT, OSCP, CISSP, CSSLP or equivalent security certifications.

Soft Skills / Expectations

• Strong ownership mindset with a proactive security-first approach.
• Ability to collaborate effectively across distributed teams.
• Comfortable working in fast-paced, high-risk environments.
• Passion for continuous learning and staying ahead of security threats.

Salary Range: $95,000-$130,000 a year

About the Company

Tata Consultancy Services Ltd