Application Security Engineer, Application Security Lead

Gratitude Inc

41 Views

6 hours ago

Application Security Engineer, Application Security Lead

2-30 Year(s)

50 - 70 Thousand p.m

Manila (Cubao Quezon City)

Job Description

Key Skills

Stakeholder Management

0 candidate(s) have already applied for this Job. Apply now

JOB TITLE: Application Security Engineer, Application Security Lead (DevSecOps / Azure DevOps)
WORK SET UP: Hybrid in Cubao, Quezon City
WORK SHIFT: Day shift
Salary budget: 50K - 70K. With up to 80k joining bonus

Roles and Responsibilities:

• Embed security into the SDLC by partnering with engineering and DevOps teams across planning, design, build, test, and release.
• Implement and maintain application security testing programs, including:
• SAST (Static Application Security Testing)
• DAST (Dynamic Application Security Testing)
• SCA (Software Composition Analysis)
• IAST (Interactive Application Security Testing)
• RASP (Runtime Application Self-Protection)
• Integrate security scanning and quality gates into Azure DevOps pipelines (Build/Release), ensuring repeatable and automated controls.
• Perform API security testing, including authentication/authorization validation, rate limiting checks, schema validation, and abuse testing.
• Conduct and/or coordinate security penetration testing and validate remediation effectiveness.
• Lead threat modeling and secure design reviews for new features, services, and architectures (microservices, serverless, containerized workloads).
• Establish vulnerability triage and remediation workflows: verify findings, reduce false positives, prioritize by risk, and track to closure.
• Define and promote secure coding standards and provide hands-on guidance (code review support, secure patterns, reference implementations).
• Support cloud security posture for application layers across Azure, AWS, and/or GCP, including identity, secrets, network exposure, and service configurations.
• Implement secrets management and secure configuration practices (e.g., key vault usage, environment hardening, least privilege).
• Build dashboards and metrics to report coverage and progress (scan coverage, mean time to remediate, vulnerability trends, SLA compliance).
• Evaluate and onboard AppSec tools and solutions; optimize pipelines for performance, reliability, and developer experience.
• Run enablement sessions (training, brown bags) to raise developer security maturity and reduce recurring issues.
• Participate in incident response activities related to application vulnerabilities, including root-cause analysis and prevention improvements.

Core Technical Requirements:

• Strong hands-on experience with SAST – Static Application Security Testing (tooling, tuning, triage, and remediation guidance).
• Strong hands-on experience with DAST – Dynamic Application Security Testing (scanning strategies, authenticated scans, result validation).
• Strong hands-on experience with SCA – Software Composition Analysis (open-source risk, license/compliance basics, dependency hygiene).
• Experience with IAST – Interactive Application Security Testing and/or ability to operationalize runtime testing approaches.
• Experience with RASP – Runtime Application Self-Protection concepts and/or runtime security controls in production.
• Proven capability in API Security Testing (OWASP API Top 10 understanding; authN/authZ, token handling, mass assignment, rate limits).
• Experience conducting Security Penetration Testing (web apps, APIs) and translating findings into actionable fixes.
• Strong knowledge of common app vulnerabilities (OWASP Top 10), secure coding patterns, and security testing methodologies.

Nice-to-Have (Optional)
• Experience with common AppSec tools (examples): Fortify/Checkmarx/Veracode/SonarQube (SAST), OWASP ZAP/Burp (DAST), Snyk/Mend/Black Duck (SCA).
• Experience with WAF, API gateways, or service mesh security controls.
• Security certifications (e.g., CSSLP, GWAPT, OSCP) or cloud certifications (AZ-500, AWS Security Specialty, GCP Security Engineer).

Other details:
• Open for those applicants who are currently in Philippines and already have the right to live and work in this country are eligible for this role
• At least 2 years of relevant professional working experience
• Should have minimum 2 years of experience in Android Malware Reverse
• Must not have an active or recent application with Accenture
• Amenable to work on a hybrid set-up in Cubao, Quezon City

Interested and qualified Candidates should send their CV to esther.igweonu@gratitudeindia.com

Role

Any Other

Timings

Day Shift (Permanent)

Industry

BPO

Work Mode

Hybrid

Functional Area

Any Other

Note: Myglit doesn't charge any money from candidates. If you have been asked to pay money to get this job then report to us immediately at support@myglit.com.