Application Security Engineer

India (Offshore) | Full-Time / Contract | 6–10+ Years

We are seeking an Application Security Engineer to embed security best practices across the software development lifecycle. The ideal candidate will have strong hands-on experience with application security testing, threat modeling, and DevSecOps, and will work closely with engineering, QA, and DevOps teams to identify and remediate vulnerabilities early and continuously.

Key Responsibilities

  • Integrate application security controls across the SDLC (design → build → deploy)
  • Perform SAST, DAST, and SCA to identify and remediate vulnerabilities
  • Conduct threat modeling and secure design reviews for new and existing applications
  • Validate and triage findings; partner with developers on remediation guidance
  • Embed security testing into CI/CD pipelines (DevSecOps)
  • Perform secure code reviews and advise on secure coding practices
  • Maintain vulnerability management workflows and risk prioritization
  • Support penetration testing activities and validate fixes
  • Contribute to security standards, policies, and secure SDLC documentation
  • Track and report security metrics and risk posture to stakeholders

Required Skills & Qualifications

• 6–10+ years of experience in Application Security / Product Security
• Strong understanding of OWASP Top 10, CWE, and common web vulnerabilities
• Hands-on experience with SAST tools (Checkmarx, Fortify, SonarQube)
• Hands-on experience with DAST tools (Burp Suite, OWASP ZAP)
• Experience with SCA (dependency and license scanning)
• Working knowledge of secure coding practices in Java, .NET, JavaScript, or Python
• Experience integrating security tools into CI/CD pipelines
• Familiarity with REST APIs, authentication, and authorization mechanisms
• Strong analytical and communication skills

Good to Have

• Cloud security exposure (AWS / Azure / GCP application services)
• Experience with container and Kubernetes security
• Knowledge of secrets management and key vaults
• Familiarity with IAM, OAuth, JWT
• Experience supporting SOC2, ISO 27001, or similar compliance efforts
• Security certifications (CSSLP, GWAPT, CEH)

About Vericence

Vericence is a technology and consulting services firm focused on delivering high-impact solutions across enterprise platforms, cloud, data, and digital transformation initiatives. We partner with organizations to solve complex business challenges through strong engineering, architecture, and delivery excellence.
 
Our teams work across a range of modern technologies including enterprise applications, cloud platforms, data engineering, API and integration frameworks, and quality engineering. At Vericence, we emphasize collaboration, technical depth, and long-term partnerships with our clients.
 
We are committed to building scalable, secure, and future-ready solutions while fostering a culture that values learning, accountability, and professional growth.
 

Equal Opportunity Employer Statement

We are an Equal Opportunity Employer and are committed to providing a workplace free from discrimination. All employment decisions are made without regard to race, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, disability, veteran status, or any other protected characteristic under applicable law.
 
We believe in fostering an inclusive, diverse, and respectful work environment where everyone has the opportunity to succeed.