Application Security Engineer

Job Description

Department: Information Technology Location: Ahmedabad Experience: 10+ Years Education: Bachelors/Master’s in Computer Science, Cybersecurity, or related field Certifications Preferred: CISSP, CISM, CEH, or equivalent Job Summary: We are looking for a seasoned professional to lead application security initiatives across the software development lifecycle. This role combines expertise in secure coding, threat modeling, incident response, and SOC collaboration to ensure the integrity, confidentiality, and availability of enterprise applications. The candidate will work closely with development, DevOps, and IT security teams to build and maintain a secure application environment. Key Responsibilities: Application Development & Security Lead secure design and review processes throughout the SDLC. Guide development teams on secure coding standards and best practices. Conduct threat modeling, vulnerability assessments, and penetration testing. Integrate security into CI/CD pipelines for secure deployment. Application Security Management Define and enforce security policies, standards, and procedures. Stay current on emerging threats, vulnerabilities, and compliance trends. Implement tools such as WAFs, SIEM, IDS/IPS within application ecosystems. Oversee application vulnerability management and incident response. SOC Operations & Incident Response Collaborate with SOC to improve threat detection and response for application-layer risks. Support SOC operations with security insights from the application stack. Analyze and report incidents, with plans to mitigate future risk. Collaboration & Stakeholder Management Work with cross-functional teams to solve security challenges while supporting business goals. Provide leadership on security strategy during digital transformation initiatives. Coordinate with external vendors for security reviews and audits. Training & Awareness Conduct training sessions for developers and IT staff on secure development practices. Champion a culture of security-first development across all technical teams. Required Skills: Deep understanding of SOC processes and incident response methodologies. Practical experience with SIEM, IDS/IPS, WAFs, and vulnerability management tools. Ability to translate technical risks into business risks and drive resolution. Preferred Skills: Familiarity with OWASP, NIST, ISO 27001, or related security frameworks. Understanding of cloud security for Azure, AWS, or GCP. Industry certifications such as CISSP, CISM, CEH, or equivalent.