Resumo da vaga

26-4001: Application Security Engineer.

Requisitos e responsabilidades

Conteúdo da vaga extraído em seções para revisão mais rápida.

Details

  • Provide security engineering support for web and API applications.
  • Integrate security controls into Secure SDLC, including threat modeling and security design reviews.
  • Ensure adherence to organizational security standards and best practices. Vulnerability Scanning & Tool Administration
  • Administer and manage vulnerability scanning tools (e.g., Tenable or similar).
  • Configure, tune, and maintain scanning policies and schedules.
  • Optimize tool performance to improve accuracy and reduce false positives. SAST & DAST Integration
  • Implement and maintain SAST and DAST tools within CI/CD pipelines.
  • Configure detection rules and improve result reliability.
  • Collaborate with engineering teams to ensure seamless integration and actionable outputs. Vulnerability Discovery & Risk Prioritization
  • Identify and validate vulnerabilities through automated and manual testing.
  • Perform false-positive analysis and assess exploitability.
  • Provide risk-based prioritization aligned with business impact. Operational Execution & Remediation
  • Review scan results and track vulnerabilities to closure.
  • Coordinate with development teams for timely remediation.
  • Ensure adherence to defined workflows and SLAs. Red Team & Offensive Security Techniques
  • Validate vulnerabilities using manual testing and offensive security methods.
  • Develop proof-of-concept exploits where required.
  • Document attack paths, reproduction steps, and impact clearly. Security Testing & Bug Validation
  • Perform manual and automated security testing for applications and APIs.
  • Reproduce and validate reported issues across environments.
  • Verify remediation effectiveness before closure.
  • Bachelor’s degree in computer science, Information Security, or related field.
  • 3–6 years of experience in Application Security or related domain.
  • Hands-on experience with SAST, DAST, and vulnerability scanning tools.
  • Strong understanding of OWASP Top 10, web application and API security.
  • Experience with CI/CD pipeline integrations (e.g., Jenkins, GitHub Actions, GitLab).
  • Knowledge of secure coding practices and common vulnerability patterns.
  • Familiarity with scripting (Python, Bash, or similar) is a plus.
  • Experience with threat modeling and secure design reviews.
  • Exposure to red teaming or penetration testing techniques.
  • Relevant certifications (e.g., OSCP, CEH, GWAPT) are a plus.
Vagas similares

Mantenha uma lista reserva.

Ver stack
FocoApplication Security EngineeringÁrea da vaga
Sinal de senioridadeMiddleNível do candidato
StackCI/CD, PythonSkills principais
Localização1 país aceitoElegibilidade

Stack

Use estas tags para comparar vagas remotas similares.

Elegibilidade de localização

Candidatos devem aplicar apenas quando o país do perfil estiver listado aqui.

Seu perfilPaís não definidoEntre para comparar seu país com esta vaga.

Fluxo de contratação

O WithMira mostra a vaga e depois envia candidatos para a aplicação da empresa.

1Confira fit da vaga, stack e elegibilidade de localização no WithMira.
2Abra a página de aplicação da empresa pelo link rastreado.
3Salve a vaga ou assine oportunidades similares antes de sair.