Kapital Bank

Application Security Engineer

Bakı · Posted 1 w ago · Source: hellojob.az
Monthly salary
Salary negotiable
Category
IT

About this role

The Mid-Level Application Security Engineer will work alongside development and DevOps teams to integrate security into the software development lifecycle (SDLC). This role focuses on SAST/DAST/SCA tooling, secure code review, CI/CD pipeline security, and promoting security-by-design across engineering teams.

Requirements

  • 2-4 years of experience in Application Security, Product Security, or a development role with a strong security focus.
  • Strong knowledge of OWASP Top 10 (Web), OWASP API Security Top 10, and secure development practices.
  • Hands-on experience with SAST, DAST, and SCA tools such as Checkmarx, SonarQube, Veracode, Semgrep, or Snyk; ability to triage and prioritize findings from automated security scanners.
  • Experience integrating security tooling into CI/CD pipelines (GitHub Actions, GitLab CI, or Jenkins) and familiarity with shift-left security principles.
  • Working knowledge of cloud environments (AWS, Azure, or GCP) including IAM, secrets management, and network security controls.
  • Proficiency in Python, Bash, or PowerShell for automating security checks and workflows.
  • Ability to write or review code from a security perspective across common languages such as Java, Python, or JavaScript.
  • Experience conducting secure code reviews and participating in design review sessions.
  • Basic understanding of container and Kubernetes security concepts.
  • Familiarity with vulnerability scoring (CVSS) and vulnerability management processes.
  • Understanding of MITRE ATT&CK framework and the Cyber Kill Chain.
  • Certifications preferred: OSWE, CWEE, CDP, CDE, or equivalent.

What we offer

  • Opportunities for professional growth and development.
  • Competitive salary and bonuses.
  • Comprehensive insurance coverage.
  • Supportive work environment.
  • Visa Premium salary card.
  • Corporate discounts and events.
  • Additional vacation days.
  • Discounted education and employee loans.

Responsibilities

  • Analyze static (SAST), dynamic (DAST), and software composition analysis (SCA) results for products and services.
  • Configure, maintain, and fine-tune security scanning tools to reduce noise and improve signal quality.
  • Integrate and manage security checks within CI/CD pipelines to enforce security gates.
  • Review and enhance security architecture for web, mobile, and API-based applications.
  • Collaborate with DevOps teams to improve cloud security posture across AWS, GCP, and Azure.
  • Investigate product security incidents and support vulnerability management processes.
  • Document and promote secure coding guidelines and security standards across engineering teams.
  • Participate in design and architecture reviews to ensure security-by-design principles are applied.

 

To view the Kapital Bank work environment, additional opportunities, and other vacancies, visit the Kapital Bank Life page.

This vacancy has been posted before:

  • 9 June 2026 (this listing) · hellojob.az
  • 12 May 2026 · hellojob.az
