6 to 8 Years Relevant Experience
About the Role
We’re seeking an Application Security Engineer to drive our threat modeling and secure design programs. This role involves working closely with application teams, security leadership, and governance bodies to ensure security is built into every stage of system and application design.
Key Responsibilities
- Conduct security risk assessments of applications with a focus on code design and implementation.
- Develop and manage governance processes for threat modeling and secure design programs.
- Assist in drafting and maintaining threat modeling governance documentation.
- Collaborate with security leadership to define strategies that close control gaps and enforce secure design practices.
- Prepare reports for management on residual risk and non-compliance.
- Monitor and track compliance with application owners to ensure timely implementation of security controls.
- Review and validate security controls against scanning tool outputs for auditability and verification.
- Support application owners in filing appropriate security standard exceptions based on threat modeling results.
- Develop, maintain, and enhance secure design patterns, secure coding standards, and threat libraries.
Essential Skills
Must Have:
- 6–9 years of information security experience.
- Strong background in threat modeling frameworks, attack vectors, and vulnerability analysis (CAPEC, ATT&CK, STRIDE).
- Experience with application security controls (Web, API, Mobile, AI).
- Familiarity with security and application frameworks (NIST 800-53, CSF, OWASP ASVS).
- Experience with application security design and DevSecOps practices.
Good to Have:
- Knowledge of AI, ML, DevOps, and Cloud Security.
- Security certifications (CISSP, OSCP, CISM – preferred or expected within 6 months).
- Strong written and verbal communication skills.