{bc}
naukri

Application Security Engineer

Practical DevSecOps
Eastern Province, KSA
Senior
1 weeks ago
AzureAzure DevOpsSecure SDLCThreat ModelingVAPTCloud Security
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

AzureAzure DevOpsSecure SDLC
Smart Apply

Full Job Posting

Role Overview

  • We are seeking a highly skilled Application Security Engineer with 6 8 years of experience to drive secure software development, cloud security, and application security initiatives across enterprise environments.
  • The ideal candidate will possess strong hands on expertise in Microsoft Azure, Azure DevOps, Secure SDLC, Threat Modeling, Vulnerability Assessment & Penetration Testing (VAPT), Cloud Security, and Secure Application Architecture.
  • This position is approximately 80% hands on technical execution and 20% governance, standards, and security advisory activities.

Key Responsibilities DevSecOps & Secure SDLC

  • Design, implement, and maintain secure CI/CD pipelines using Azure DevOps.
  • Integrate security controls into all phases of the software development lifecycle.
  • Embed DevSecOps practices across development, testing, deployment, and operational processes.
  • Automate security testing and validation activities within CI/CD pipelines.
  • Establish secure coding standards, security gates, and release controls.
  • Collaborate with development teams to remediate security vulnerabilities and improve security posture.
  • Develop reusable security controls, templates, and secure development frameworks.

Key Responsibilities Application Security

  • Conduct secure code reviews for .NET, C#, Python, JavaScript, React, Angular, Node.js, and related technologies.
  • Perform application security assessments against web applications, APIs, microservices, and cloud native workloads.
  • Identify security weaknesses and provide remediation guidance.
  • Validate remediation activities and verify closure of identified vulnerabilities.
  • Provide technical consultation on secure application architecture and design.

Key Responsibilities VAPT

  • Perform hands on vulnerability assessments and penetration testing for web applications, APIs, mobile (iOS and Android), cloud hosted applications, Azure environments, SAST & DAST, secure code review, containers and Kubernetes platforms.
  • Conduct authenticated and unauthenticated security assessments.
  • Execute manual validation of automated scan findings.
  • Analyze and prioritize vulnerabilities based on business and technical risk.
  • Support remediation efforts and perform retesting activities.
  • Maintain awareness of emerging attack techniques and security threats.

Key Responsibilities Threat Modeling & Secure Design

  • Independently conduct threat modeling exercises using STRIDE and industry recognized methodologies.
  • Develop and maintain threat libraries, attack trees, misuse cases, and secure design patterns.
  • Facilitate threat modeling workshops with architects, developers, and project teams.
  • Identify architectural security risks and recommend mitigation strategies.
  • Review application and cloud solution designs from a security perspective.

Key Responsibilities Cloud Security Engineering (Azure)

  • Design and implement security controls for Microsoft Azure environments.
  • Secure Azure native services including Azure App Services, Azure Kubernetes Service (AKS), Azure Storage, Azure Key Vault, Azure API Management, Azure Functions, Azure SQL Services.
  • Implement identity and access management controls using Microsoft Entra ID.
  • Manage and optimize Microsoft Defender for Cloud, Defender for DevOps, Defender for Containers, and Defender XDR capabilities.
  • Conduct Azure security reviews, architecture assessments, and configuration hardening activities.
  • Implement security monitoring, alerting, and cloud security best practices.

Key Responsibilities Container & Kubernetes Security

  • Secure containerized applications throughout the development lifecycle.
  • Implement container image scanning and vulnerability management processes.
  • Harden Kubernetes and AKS environments.
  • Secure Kubernetes workloads, secrets management, ingress configurations, RBAC controls, and network policies.
  • Implement runtime protection and container security monitoring capabilities.

Key Responsibilities Technical Risk Assessments

  • Perform application security risk assessments.
  • Perform cloud security risk assessments.
  • Perform infrastructure security assessments.
  • Conduct technical security reviews for new projects and technology implementations.
  • Evaluate security risks and recommend mitigation strategies.
  • Develop risk reports and communicate findings to technical and business stakeholders.

Required Experience

  • 6 8 years of experience in DevSecOps, Application Security, Cloud Security, or related cybersecurity domains.
  • Minimum 4 years of hands on Azure security experience.
  • Proven experience implementing DevSecOps practices in enterprise environments.
  • Demonstrated experience performing hands on VAPT activities.
  • Proven experience conducting STRIDE based threat modeling exercises.
  • Experience securing cloud native and containerized applications.
  • Experience supporting compliance and regulatory security requirements.
  • Experience working in Agile and DevOps environments.

Preferred Certifications

  • Three or more of the following certifications is highly desirable: CISSP, CCSP, OSCP, OSWE, GWAPT, CEH, GIAC Cloud Security Certifications, Kubernetes Security Specialist (CKS), Kubernetes Administrator (CKA), Azure Security certifications or equivalent practical experience.
  • Equivalent demonstrable experience may be considered in lieu of certifications.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today