Job description

Seeking 110k to 120k We are seeking an experienced Application Security Engineer to help secure our software products and development lifecycle, with a strong emphasis on ISO 27001 compliance. In this role, you will work closely with engineering, DevOps, and compliance teams to ensure security is integrated into every phase of the software development lifecycle (SDLC), while supporting ongoing audit and governance efforts. Key Responsibilities: • Embed secure coding practices and threat mitigation strategies across the SDLC through developer enablement, code reviews, and architectural input. • Perform application risk assessments, threat modeling (e.g., STRIDE), and design reviews to proactively identify and reduce vulnerabilities. • Integrate security tools into CI/CD pipelines (e.g., SAST, DAST, SCA) to enable continuous security scanning and automated policy enforcement. • Support internal and external ISO 27001 audits, producing technical documentation, security controls evidence, and audit responses. • Collaborate with risk, compliance, and IT teams to align application security practices with broader information security frameworks and regulatory requirements (e.g., SOC 2, GDPR, HIPAA, FDA). • Track, triage, and remediate vulnerabilities discovered through internal testing or reported via bug bounty programs. • Contribute to security awareness initiatives and training sessions tailored for software engineers and DevOps personnel. Qualifications: Required: • 3+ years of experience in Application Security, DevSecOps, or related role • Strong knowledge of secure coding practices, OWASP Top 10, and threat modeling • Familiarity with ISO 27001 controls, audit preparation, and compliance documentation • Hands-on experience with security tools such as Snyk, Veracode, Checkmarx, or similar • Proficiency in at least one programming language (e.g., Python, JavaScript, Java, C#) • Experience working with CI/CD pipelines and cloud-native environments (e.g., GitHub Actions, GitLab CI, Azure DevOps) Preferred: • ISO 27001 Lead Implementer or Lead Auditor certification • Experience with SBOM formats (CycloneDX, SPDX) and dependency management • Familiarity with FDA or SaMD regulatory requirements • Bachelor’s degree in Computer Science, Cybersecurity, or related field • Experience with Kubernetes, container security, and cloud security best practices (AWS, Azure, or GCP)

Requirements