Morgan Stanley
Application Security Engineer (Senior)
Remote Developer role with clear candidate location fit.
PostedJun 17, 2026
Eligible countries1 accepted country
Seniority signalSenior
Work settingRemote
Accepted candidate locations
India
Role overview
Application Security Engineer (Senior)
Requirements and responsibilities
Readable role content extracted into sections for faster review.
About the role
We are looking for a Senior Application Security Engineer to architect and build automated security layers within the SDLC, engineering AI-enabled secure code scanning, hardened baseline automation, and CI/CD security tooling integration across a large-scale financial services program. You will work in Python and Java to deploy and tune SAST, DAST, and SCA tools, provide code-level remediation guidance to development teams, and operate with full autonomy building automated security runbooks. The role requires 6+ years of software engineering experience with a strong AppSec and DevSecOps focus.
What you will do
- Engineer and deploy AI-enabled secure code scanning capabilities and Golden Images to drive secure-from-the-start adoption;
- Automate the development of secure coding patterns and integrate them with traditional and Agentic SDLC workflows;
- Architect the integration of continuous security scanning tools into enterprise CI/CD pipelines and tune them to eliminate noise;
- Act as a senior technical SME by reading and reviewing complex application code in Java and Python and providing software engineers with code-level remediation guidance.
Must haves
- 6+ years of software engineering experience with a strong subsequent focus on Application Security and DevSecOps;
- Strong coding and architectural proficiency in Python for security automation and scripting;
- Strong coding and architectural proficiency in Java for reviewing and securing enterprise source code;
- Deep, hands-on expertise deploying and tuning modern application security testing tools, including SAST, DAST, and SCA;
- Experience integrating application security testing tools into complex CI/CD orchestration ecosystems;
- Fully autonomous execution capability, requiring no daily supervision to map out and build automated security runbooks;
- Upper-intermediate English level.
Nice to haves
- Experience integrating LLMs, AI agents, or automated coding assistants to streamline vulnerability triaging or secure code generation;
- Advanced application threat modeling experience.
Similar roles
Keep a backup shortlist.
Devsecops, Java 6 accepted countries
Application Security Engineer (Senior)Morgan StanleyView role Devsecops, Java 8 accepted countries
Application Security EngineerMorgan StanleyView role Java, Python India
Application Security Engineer (Tech Lead)Morgan StanleyView role Java, Python 6 accepted countries
Application Security Engineer (Tech Lead)Morgan StanleyView role Stack
Use these tags to compare similar remote roles.
Location eligibility
Candidates should apply only when their profile country is listed here.
Your profileCountry not setSign in to check your country against this role.
Hiring flow
Applications are saved in WithMira for review and follow-up.
1Apply with your profile and resume snapshot.
2Recruiter reviews your fit for this position.
3Messages and recruiter decisions stay attached to this role.