Application Security Engineer, Application Security Lead (DevSecOps / Azure DevOps)
Job Description
JOB TITLE: Application Security Engineer, Application Security Lead (DevSecOps / Azure DevOps)
WORK SET UP: Hybrid in Cubao, Quezon City
WORK SHIFT: Day shift
Salary budget: 50K - 65K
Your resume or CV must include your photo to ensure the accuracy of your application.
Roles and Responsibilities:
• Embed security into the SDLC by partnering with engineering and DevOps teams across planning, design, build, test, and release.
• Implement and maintain application security testing programs, including:
  • SAST (Static Application Security Testing)
  • DAST (Dynamic Application Security Testing)
  • SCA (Software Composition Analysis)
  • IAST (Interactive Application Security Testing)
  • RASP (Runtime Application Self-Protection)
• Integrate security scanning and quality gates into Azure DevOps pipelines (Build/Release), ensuring repeatable and automated controls.
• Perform API security testing, including authentication/authorization validation, rate limiting checks, schema validation, and abuse testing.
• Conduct and/or coordinate security penetration testing and validate remediation effectiveness.
• Lead threat modeling and secure design reviews for new features, services, and architectures (microservices, serverless, containerized workloads).
• Establish vulnerability triage and remediation workflows: verify findings, reduce false positives, prioritize by risk, and track to closure.
• Define and promote secure coding standards and provide hands-on guidance (code review support, secure patterns, reference implementations).
• Support cloud security posture for application layers across Azure, AWS, and/or GCP, including identity, secrets, network exposure, and service configurations.
• Implement secrets management and secure configuration practices (e.g., key vault usage, environment hardening, least privilege).
• Build dashboards and metrics to report coverage and progress (scan coverage, mean time to remediate, vulnerability trends, SLA compliance).
• Evaluate and onboard AppSec tools and solutions; optimize pipelines for performance, reliability, and developer experience.
• Run enablement sessions (training, brown bags) to raise developer security maturity and reduce recurring issues.
• Participate in incident response activities related to application vulnerabilities, including root-cause analysis and prevention improvements.
Core Technical Requirements:
• Strong hands-on experience with SAST – Static Application Security Testing (tooling, tuning, triage, and remediation guidance).
• Strong hands-on experience with DAST – Dynamic Application Security Testing (scanning strategies, authenticated scans, result validation).
• Strong hands-on experience with SCA – Software Composition Analysis (open-source risk, license/compliance basics, dependency hygiene).
• Experience with IAST – Interactive Application Security Testing and/or ability to operationalize runtime testing approaches.
• Experience with RASP – Runtime Application Self-Protection concepts and/or runtime security controls in production.
• Proven capability in API Security Testing (OWASP API Top 10 understanding; authN/authZ, token handling, mass assignment, rate limits).
• Experience conducting Security Penetration Testing (web apps, APIs) and translating findings into actionable fixes.
• Strong knowledge of common app vulnerabilities (OWASP Top 10), secure coding patterns, and security testing methodologies.
DevOps / DevSecOps & Delivery Tooling:
• Demonstrated DevOps background with CI/CD, automation, and pipeline-based deployments.
• Demonstrated DevSecOps background integrating security into pipelines with quality gates and developer-friendly workflows.
• Working knowledge of Azure DevOps (Repos, Pipelines, Build/Release, Artifacts, Boards) and integrating security scanning into it.
• Experience with Infrastructure-as-Code and pipeline automation concepts (e.g., YAML pipelines, reusable templates, policy-as-code).
Cloud & Engineering Background:
• Hands-on experience with at least one major Cloud Platform (Azure, GCP, AWS); familiarity with identity, networking, secrets, and logging.
• Dev background (software engineering experience) in one or more languages (e.g., C#, Java, JavaScript/TypeScript, Python, Go) with the ability to read and review code.
• Familiarity with containers and modern app architectures (microservices, Kubernetes/AKS/EKS/GKE, serverless).
Professional / Collaboration Skills:
• Ability to communicate risk clearly to engineers and leadership, balancing security requirements with delivery needs.
• Strong stakeholder management, collaboration, and influence skills—able to drive security adoption without relying on authority.
• Experience establishing standards, playbooks, and measurable outcomes (KPIs/SLAs) for application security programs.
Role: Security
Timings: Day Shift (Permanent)
Industry: BPO
Work Mode: Hybrid
Functional Area: IT Software/Hardware
Note: Myglit doesn't charge any money from candidates. If you have been asked to pay money to get this job then report to us immediately at support@myglit.com.

