Senior Cyber Security Engineer – Application Security

About the role

As a Senior Cyber Security Engineer you will lead the protection of our applications and infrastructure. You will work closely with development, operations and compliance teams to embed security throughout the software development life cycle and reduce risk exposure.

Key responsibilities

• Partner with development teams to integrate security practices across the SDLC.
• Perform code security assessments to identify vulnerabilities such as SQL injection, XSS and insecure APIs.
• Lead threat‑modeling sessions and conduct risk assessments for new features.
• Deploy, configure and maintain static and dynamic application security testing tools.
• Provide remediation guidance and ensure sensitive data is protected during builds and deployments.
• Assist in replacing insecure third‑party libraries and components.
• Support internal and external audits on application and infrastructure security.
• Strengthen CI/CD pipelines with secure configurations and automation.
• Monitor emerging threats, vulnerabilities and application‑security trends.
• Deliver training and mentorship on secure coding standards.
• Develop and maintain internal playbooks, documentation and security guidelines.
• Ensure cloud services (AWS, Azure, GCP) are deployed with secure configurations.
• Review and optimize access permissions, network policies and identity management.

Required profile

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity or related field.
• Minimum 5 years of experience in Application Security, Security Engineering or DevSecOps.
• Strong knowledge of web application vulnerabilities (OWASP Top 10, CWE Top 25) and remediation.
• Experience with security testing tools such as Burp Suite, OWASP ZAP, Checkmarx, Veracode or Fortify.
• Hands‑on experience with CI/CD and security automation (Jenkins, GitLab CI, GitHub Actions).
• Cloud security expertise in AWS, Azure or GCP.
• Familiarity with container and micro‑services security (Docker, Kubernetes).
• Understanding of compliance standards (ISO 27001, SOC 2, PCI DSS, GDPR).

Required skills

• OWASP Top 10, CWE Top 25
• Burp Suite, OWASP ZAP, Checkmarx, Veracode, Fortify
• Java, Python, JavaScript, C#
• Jenkins, GitLab CI, GitHub Actions
• AWS, Azure, GCP (IAM, secrets management, networking)
• Docker, Kubernetes
• Terraform, CloudFormation
• API security testing and automation