Mindlance is seeking a Senior Application Security Engineer to support application security initiatives. The role involves deploying and configuring security tools, analyzing vulnerabilities, and collaborating with development teams to ensure secure coding practices.
Responsibilities:
- Deploy and configure container scanning tools to ensure secure containerized environments
- Analyze vulnerabilities identified through SAST, DAST, SCA, and container scans, prioritizing remediation based on risk
- Develop and maintain custom scripts to automate security processes and enhance scanning capabilities
- Consult with development teams to provide secure coding guidance and assist with remediation strategies
- Onboard applications into DAST scanning workflows, ensuring proper configuration and coverage
- Configure and troubleshoot DAST scans, resolving issues related to application accessibility and scan accuracy
- Review and validate SAST and SCA findings, confirming or rejecting false positives and “mitigated by design” claims from development teams
- Document findings, create actionable reports, and communicate technical details effectively to stakeholders
Requirements:
- Strong experience with application security tools: DAST (e.g., Burp Suite, OWASP ZAP), SAST (e.g., Checkmarx, Veracode), and SCA (e.g., Black Duck, Snyk)
- Hands-on experience with container security and deployment of scanning tools (e.g., Wiz, Prisma, Aqua Security)
- Proficiency in scripting languages (Python, Bash, or PowerShell) for automation and tool integration
- Deep understanding of the secure software development lifecycle (SDLC) and common vulnerabilities (OWASP Top 10)
- Ability to troubleshoot complex scanning issues and optimize configurations for accuracy and performance
- Strong analytical skills for vulnerability triage and risk prioritization
- Excellent communication skills for consulting with development teams and explaining technical findings
- Experience integrating security tools into CI/CD pipelines
- Familiarity with cloud-native security (AWS, Azure, GCP) and container orchestration (Kubernetes)
- Knowledge of API security testing and microservices architecture
- Exposure to DevSecOps practices and security automation frameworks
- Relevant certifications such as OSWE, GWAPT, or CSSLP
- Bachelor's degree: Preferred