Application Security Engineer, Application Security Lead
Gratitude IncApplication Security Engineer, Application Security Lead
Job Description
Key Skills
0 candidate(s) have already applied for this Job. Apply now
JOB TITLE: Application Security Engineer, Application Security Lead (DevSecOps / Azure DevOps)
WORK SET UP: Hybrid in Cubao, Quezon City
WORK SHIFT: Day shift
Salary budget: 50K - 70K. With up to 80k joining bonus
Roles and Responsibilities:
• Embed security into the SDLC by partnering with engineering and DevOps teams across planning, design, build, test, and release.
• Implement and maintain application security testing programs, including:
• SAST (Static Application Security Testing)
• DAST (Dynamic Application Security Testing)
• SCA (Software Composition Analysis)
• IAST (Interactive Application Security Testing)
• RASP (Runtime Application Self-Protection)
• Integrate security scanning and quality gates into Azure DevOps pipelines (Build/Release), ensuring repeatable and automated controls.
• Perform API security testing, including authentication/authorization validation, rate limiting checks, schema validation, and abuse testing.
• Conduct and/or coordinate security penetration testing and validate remediation effectiveness.
• Lead threat modeling and secure design reviews for new features, services, and architectures (microservices, serverless, containerized workloads).
• Establish vulnerability triage and remediation workflows: verify findings, reduce false positives, prioritize by risk, and track to closure.
• Define and promote secure coding standards and provide hands-on guidance (code review support, secure patterns, reference implementations).
• Support cloud security posture for application layers across Azure, AWS, and/or GCP, including identity, secrets, network exposure, and service configurations.
• Implement secrets management and secure configuration practices (e.g., key vault usage, environment hardening, least privilege).
• Build dashboards and metrics to report coverage and progress (scan coverage, mean time to remediate, vulnerability trends, SLA compliance).
• Evaluate and onboard AppSec tools and solutions; optimize pipelines for performance, reliability, and developer experience.
• Run enablement sessions (training, brown bags) to raise developer security maturity and reduce recurring issues.
• Participate in incident response activities related to application vulnerabilities, including root-cause analysis and prevention improvements.
Core Technical Requirements:
• Strong hands-on experience with SAST – Static Application Security Testing (tooling, tuning, triage, and remediation guidance).
• Strong hands-on experience with DAST – Dynamic Application Security Testing (scanning strategies, authenticated scans, result validation).
• Strong hands-on experience with SCA – Software Composition Analysis (open-source risk, license/compliance basics, dependency hygiene).
• Experience with IAST – Interactive Application Security Testing and/or ability to operationalize runtime testing approaches.
• Experience with RASP – Runtime Application Self-Protection concepts and/or runtime security controls in production.
• Proven capability in API Security Testing (OWASP API Top 10 understanding; authN/authZ, token handling, mass assignment, rate limits).
• Experience conducting Security Penetration Testing (web apps, APIs) and translating findings into actionable fixes.
• Strong knowledge of common app vulnerabilities (OWASP Top 10), secure coding patterns, and security testing methodologies.
Nice-to-Have (Optional)
• Experience with common AppSec tools (examples): Fortify/Checkmarx/Veracode/SonarQube (SAST), OWASP ZAP/Burp (DAST), Snyk/Mend/Black Duck (SCA).
• Experience with WAF, API gateways, or service mesh security controls.
• Security certifications (e.g., CSSLP, GWAPT, OSCP) or cloud certifications (AZ-500, AWS Security Specialty, GCP Security Engineer).
Other details:
• Open for those applicants who are currently in Philippines and already have the right to live and work in this country are eligible for this role
• At least 2 years of relevant professional working experience
• Should have minimum 2 years of experience in Android Malware Reverse
• Must not have an active or recent application with Accenture
• Amenable to work on a hybrid set-up in Cubao, Quezon City
Interested and qualified Candidates should send their CV to esther.igweonu@gratitudeindia.com
Role
Any Other
Timings
Day Shift (Permanent)
Industry
BPO
Work Mode
Hybrid
Functional Area
Any Other
Note: Myglit doesn't charge any money from candidates. If you have been asked to pay money to get this job then report to us immediately at support@myglit.com.
Interview Tips
- Giving the VNA round?
- What are the most important skills you acquired as a Soft Skills/VNA trainer?
- How would you handle an irate customer?
Get the Best Jobs
on your Fingertips
Similar Jobs
Insurance customer service representative
Gratitude Inc0 - 1 Year(s)
15 - 20 Thousand p.m
Manila, Philippines
Opentext Exstream Developer
Gratitude Inc2 - 5 Year(s)
100 - 120 Thousand p.m
Manila, Philippines
PATIENT CARE COORDINATOR
Gratitude Inc0 - 2 Year(s)
20 - 30 Thousand p.m
Manila, Philippines
CGI Taguig
Gratitude Inc1 - 33 Year(s)
20 - 30 Thousand p.m
Manila, Philippines
Training Assistant Manager- Telco/Training
Gratitude Inc3 - 4 Year(s)
Confidential
Manila, Philippines
Safety Specialist-Pharmacovigilance: (8 FTE)
Gratitude Inc2 - 3 Year(s)
40 - 50 Thousand p.m
Manila, Philippines
First Source Company -CSR Retention Account
Gratitude Inc1 - 25 Year(s)
20 - 25 Thousand p.m
Manila, Philippines
Data Modeling Techniques and Methodologies Engineer
Gratitude Inc7 - 10 Year(s)
Confidential
Manila, Philippines
Service Desk Transformation Consultant
Gratitude Inc6 - 8 Year(s)
100 - 130 Thousand p.m
Manila, Philippines
CSR -Rider support Account COGNIZANT COMPANY
Gratitude Inc2 - 29 Year(s)
30 - 40 Thousand p.m
Manila, Philippines