North is a US-based company dedicated to providing end-to-end payment solutions for businesses. They are seeking a Senior Application Security Engineer to perform architecture and security reviews, integrate software security design patterns, and lead strategic security initiatives to enhance application security across the organization.
Responsibilities:
- Perform architecture and security reviews on highly complex products to identify vulnerabilities
- Work with development teams to integrate software security design patterns throughout the application lifecycle
- Ensure critical application design and implementation decisions are based on sound security patterns; facilitate the analytics process for application abuse detection; and support application protection efforts, incident response and fraud
- Find security threats and vulnerabilities in applications and recommend mitigation strategies
- Participate in evaluation, deployment and operations of innovative security solutions
- Conduct static and dynamic application security testing (SAST/DAST), code reviews, security assessments and evaluations
- Implement and manage security tools, including SAST, DAST, Software Composition Analysis (SCA), and other security scanning solutions
- Drive the implementation of authentication, authorization, and access control mechanisms for APIs and platforms
- Partner with application development, engineering and operations teams to ensure a security-first approach in CI/CD pipelines
- Work closely with the offensive security team to help identify, uncover and validate weaknesses and exposures in critical applications
- Support incident response efforts and mitigations related to application security vulnerabilities and weaknesses
- Provide security awareness training and guidance to development teams on secure coding practices
- Lead implementation of strategic security initiatives that improve application security across the organization
- Ensure application security practices align with regulatory standards such as PCI-DSS, NIST, and OWASP guidelines
Requirements:
- Bachelor's degree in Computer Science, Information Security, Cybersecurity, or relevant equivalent experience
- 5+ years of experience in application security, secure software development, and vulnerability management
- Experience with containerization technologies, the principles of container operation, and implementing secure operational states for containerization technologies
- Direct experience with security tools such as vulnerability scanners, DAST and SAST solutions, application testing tools, and application analysis tools
- Experience with application security practices in enterprise environments
- Strong knowledge of secure coding practices and common security vulnerabilities
- Familiarity with DevSecOps principles and integrating security into CI/CD pipelines
- Understanding of regulatory frameworks and compliance requirements (e.g., PCI-DSS, NIST, OWASP)
- Comfortable with scripting and automation using languages such as Python, PowerShell, or Bash