Senior Security Engineer – Application & Infrastructure Security
Location: In Person
Employment Type: Full-Time
Experience Required: 8+ Years
About the Role
We are seeking an experienced Senior Security Engineer to lead the security strategy, architecture, and implementation across our Web Applications, Mobile Applications (iOS & Android), Desktop Applications, APIs, Cloud Infrastructure, and DevOps environments.
The ideal candidate will be responsible for securing the entire Software Development Lifecycle (SDLC), ensuring our platforms meet industry security standards while protecting customer data, business systems, and digital assets from evolving cyber threats.
This role requires deep expertise in Application Security (AppSec), Cloud Security, Infrastructure Security, DevSecOps, Secure Architecture Design, Vulnerability Management, and Incident Response. Application security engineers typically embed security throughout the development lifecycle, including architecture reviews, code review, threat modeling, vulnerability testing, and developer guidance.
Key Responsibilities
Application Security
- Design and implement security controls for:
  - Web Applications
  - Mobile Applications (Android & iOS)
  - Desktop Applications
  - APIs & Microservices
- Conduct:
  - Secure Architecture Reviews
  - Threat Modeling
  - Security Risk Assessments
  - Code Security Reviews
- Identify and remediate vulnerabilities based on:
  - OWASP Top 10
  - OWASP Mobile Top 10
  - API Security Standards
- Implement:
  - SAST (Static Application Security Testing)
  - DAST (Dynamic Application Security Testing)
  - SCA (Software Composition Analysis)
  - Container Security Scanning
Application security engineers commonly perform code reviews, threat modeling, security testing, and DevSecOps integration to identify vulnerabilities before production deployment.
Infrastructure & Cloud Security
- Secure cloud environments:
  - AWS
  - Azure
  - Google Cloud
- Design and maintain:
  - IAM Policies
  - Network Segmentation
  - Security Groups
  - VPN Security
  - WAF Configurations
  - Zero Trust Architecture
- Monitor and improve:
  - Cloud Security Posture
  - Infrastructure Hardening
  - Data Protection Controls
- Perform regular infrastructure security audits and compliance assessments.
Security engineers are responsible for implementing security controls, protecting infrastructure, conducting risk assessments, and responding to security incidents.
DevSecOps & Secure SDLC
- Integrate security into CI/CD pipelines.
- Automate security testing during development.
- Establish secure coding standards.
- Collaborate with developers, architects, and DevOps teams.
- Develop security frameworks and reusable security libraries.
- Enforce secure deployment processes.
Modern AppSec roles are expected to integrate security into DevOps pipelines and automate security checks throughout development and deployment.
Security Monitoring & Incident Response
- Lead incident investigation and response.
- Conduct root cause analysis.
- Develop detection and response strategies.
- Manage vulnerability disclosure and remediation programs.
- Improve security monitoring and alerting capabilities.
Application security engineers frequently support incident response, breach investigations, and future risk mitigation efforts.
Governance, Risk & Compliance
- Ensure compliance with:
  - ISO 27001
  - SOC 2
  - PCI DSS
  - GDPR
  - Australian Privacy Act
- Create and maintain:
  - Security Policies
  - Security Standards
  - Security Procedures
- Conduct vendor and third-party security assessments.
Required Skills
Application Security
- OWASP Top 10
- Secure Coding Practices
- Web Security
- Mobile Security
- API Security
- Authentication & Authorization
- Cryptography
Security Testing Tools
- Burp Suite
- OWASP ZAP
- Checkmarx
- SonarQube
- Veracode
- Snyk
Cloud & Infrastructure
- AWS Security
- Azure Security
- Kubernetes Security
- Docker Security
- Network Security
- WAF Technologies
Programming Languages
Strong understanding of:
- Java
- C#
- Python
- JavaScript / TypeScript
- Node.js
- React
- Flutter
Application security professionals are expected to understand multiple programming languages and secure development practices.
Qualifications
- Bachelor's Degree in Computer Science, Cyber Security, Information Technology, or related field.
- 8+ years of Cyber Security experience.
- 5+ years focused on Application Security and Infrastructure Security.
- Experience securing large-scale SaaS, Web, Mobile, and Desktop applications.
Preferred Certifications
- CISSP
- CISM
- CEH
- OSCP
- AWS Security Specialty
- Azure Security Engineer
- OWASP Security Certification
Success Metrics
- Reduction in security vulnerabilities.
- Secure SDLC adoption across teams.
- Security compliance achievement.
- Successful penetration testing outcomes.
- Incident response effectiveness.
- Cloud security posture improvement.
Ideal Candidate
You are a security-first engineering leader who can balance business growth with enterprise-grade security. You have experience securing modern web platforms, mobile apps, desktop applications, APIs, cloud infrastructure, and DevOps pipelines while mentoring engineering teams on secure development practices.
Pay: From ₹100,000.00 per month
Work Location: In person