Job description:

"Application Security Engineer
Job Summary:
This Application Security Engineer will be responsible for day-to-day engineering and operations work within our AppSec program. This includes both evaluating and setting up new AppSec tools, triaging application vulnerability findings from our existing tools, coordinating third-party pentests, and working directly with software engineers to provide software security architecture guidance. This role requires both a solid understanding of offensive and defensive software security concepts, and the ability to communicate effectively with software engineers across the firm.
Key Responsibilities:
- Collaborate with software engineers to design and facilitate the implementation of secure software architecture.
- Evaluate and set up software security tools to enhance our AppSec posture.
- Conduct security assessments of existing applications and software systems.
- Monitor and track the effectiveness of security measures and remediation efforts.
- Stay updated on the latest application security threats, trends, and best practices.
- Work closely with internal teams, including both IT and Security stakeholders, to align application security initiatives with company objectives.
- Assist in developing security training programs for software engineers.
Qualifications:
- Strong knowledge of application security architecture and tools.
- Experience with security assessment tools and methodologies.
- Ability to analyze complex security issues in software systems and provide actionable recommendations.
- Strong communication and interpersonal skills.
- Practical certifications such as those from Offensive Security, GIAC, ISC2, and others are a plus.
- Strong analytical and problem-solving skills."

• To clearly understand the client's cybersecurity environment and respective product.
• To monitor, configure, and troubleshoot cybersecurity issues and related monitoring tools
• To analyse and validate cybersecurity incidents in-detail and help the L3 team with RCA/data or logs collection
• To enable knowledge transfer/trainings through creation/ maintenance of configuration documents, test plans, operational manuals and provide operational training to L1 team.
• To analyse and fine-tune cybersecurity policies, participate in cybersecurity review calls pertaining to change requests & recommendations on cybersecurity policy changes.
• To implement changes, monitor security device performance and implements performance tuning when necessary.
• To prepare analyses and reports to highlight the project progress/challenges and ensure quality and accuracy to the client