Implement and operationalize a Secure Software Development Lifecycle (SSDLC) across products, including defining processes, controls, and security checkpoints in collaboration with cross‑functional teams.
Execute and scale automated application security testing in CI/CD pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and API and runtime security testing.
Triage, validate, and prioritize security findings, reduce false positives, and partner with engineering teams to drive effective remediation.
Perform hands‑on application security activities, including threat modeling, secure design reviews, code reviews, and targeted security testing aligned to OWASP Top 10 and CWE Top 25 risks.
Support vulnerability disclosure and bug bounty programs, including intake, validation, coordination, and remediation tracking.
Contribute to application security awareness and training, helping developers understand secure coding practices and common vulnerability patterns.
Develop and maintain application security metrics and dashboards, providing a consolidated (“single pane of glass”) view of risk posture through automation.
Research emerging technologies, frameworks, and attack techniques and assess their applicability and risk to current and future products.
Collaborate with Quality, Regulatory, Legal, Privacy, Compliance, Architecture, and Product Development teams to ensure security is designed in, verified during development, and managed in production.
Support cybersecurity documentation and evidence required for regulatory submissions in regulated product environments.
Requirements
Bachelor’s degree in information security or computer science, or equivalent practical experience.
3–5 years of experience in cybersecurity with a strong focus on application security, product security, or DevSecOps.
Hands‑on experience with tooling such as SAST, DAST, SCA, IAST, and API testing tools; examples include Checkmarx, Snyk, ZAP, Dependency‑Track, GitHub Actions, Jenkins, or similar.
Demonstrated ability to identify, validate, and explain OWASP Top 10 and CWE Top 25 vulnerabilities.
Experience integrating security testing into CI/CD pipelines and modern development workflows.
Familiarity with vulnerability disclosure and bug bounty programs.
Working knowledge of at least one common programming language (e.g., C, C++, Java, .NET, Python, or similar).
Understanding of threat modeling, attack surfaces, common exploit classes, and frameworks such as MITRE ATT&CK.
Strong written and verbal communication skills, with the ability to translate security risks into clear, actionable guidance for technical and non‑technical audiences.