- Home
- Jobs
- Practical DevSecOps
- Application Security Engineer
Application Security Engineer
Job Description Roles & Responsibilities ROLE OVERVIEW: We are seeking a highly skilled Application Security Engineer with 6 8 years of experience to drive secure software development, cloud security, and application security initiatives across enterprise environments. The ideal candidate will possess strong hands-on expertise in Microsoft Azure, Azure DevOps, Secure SDLC, Threat Modeling, Vulnerability Assessment & Penetration Testing (VAPT), Cloud Security, and Secure Application Architecture. This role requires deep technical involvement in integrating security throughout the software development lifecycle while supporting secure cloud adoption and compliance with organizational security requirements. This position is approximately 80% hands-on technical execution and 20% governance, standards, and security advisory activities. KEY RESPONSIBILITIES: DevSecOps & Secure SDLC Design, implement, and maintain secure CI/CD pipelines using Azure DevOps. Integrate security controls into all phases of the software development lifecycle. Embed DevSecOps practices across development, testing, deployment, and operational processes. Automate security testing and validation activities within CI/CD pipelines. Establish secure coding standards, security gates, and release controls. Collaborate with development teams to remediate security vulnerabilities and improve security posture. Develop reusable security controls, templates, and secure development frameworks. Application Security Conduct secure code reviews for .NET, C#, Python, JavaScript, React, Angular, Node.js, and related technologies. Perform application security assessments against web applications, APIs, microservices, and cloud-native workloads. Identify security weaknesses and provide remediation guidance. Validate remediation activities and verify closure of identified vulnerabilities. Provide technical consultation on secure application architecture and design. Vulnerability Assessment & Penetration Testing (VAPT) Perform hands-on vulnerability assessments and penetration testing for: o Web applications o APIs o Mobile- iOS and Androido Cloud-hosted applications o Azure environments o SAST & DAST o Secure Code Review o Containers and Kubernetes platforms Conduct authenticated and unauthenticated security assessments. Execute manual validation of automated scan findings. Analyze and prioritize vulnerabilities based on business and technical risk. Support remediation efforts and perform retesting activities. Maintain awareness of emerging attack techniques and security threats. Threat Modeling & Secure Design Independently conduct threat modeling exercises using STRIDE and industry-recognized methodologies. Develop and maintain threat libraries, attack trees, misuse cases, and secure design patterns. Facilitate threat modeling workshops with architects, developers, and project teams. Identify architectural security risks and recommend mitigation strategies. Review application and cloud solution designs from a security perspective. Cloud Security Engineering (Azure) Design and implement security controls for Microsoft Azure environments. Secure Azure-native services including: o Azure App Services o Azure Kubernetes Service (AKS) o Azure Storage o Azure Key Vault o Azure API Management o Azure Functions o Azure SQL Services Implement identity and access management controls using Microsoft Entra ID. Manage and optimize Microsoft Defender for Cloud, Defender for DevOps, Defender for Containers, and Defender XDR capabilities. Conduct Azure security reviews, architecture assessments, and configuration hardening activities. Implement security monitoring, alerting, and cloud security best practices. Container & Kubernetes Security Secure containerized applications throughout the development lifecycle. Implement container image scanning and vulnerability management processes. Harden Kubernetes and AKS environments. Secure Kubernetes workloads, secrets management, ingress configurations, RBAC controls, and network policies. Implement runtime protection and container security monitoring capabilities.Technical Risk Assessments Perform application security risk assessments. Perform cloud security risk assessments. Perform infrastructure security assessments. Conduct technical security reviews for new projects and technology implementations. Evaluate security risks and recommend mitigation strategies. Develop risk reports and communicate findings to technical and business stakeholders. REQUIRED EXPERIENCE 6 8 years of experience in DevSecOps, Application Security, Cloud Security, or related cybersecurity domains. Minimum 4 years of hands-on Azure security experience. Proven experience implementing DevSecOps practices in enterprise environments. Demonstrated experience performing hands-on VAPT activities. Proven experience conducting STRIDE-based threat modeling exercises. Experience securing cloud-native and containerized applications. Experience supporting compliance and regulatory security requirements. Experience working in Agile and DevOps environments. PREFERRED CERTIFICATIONS Three or more of the following certifications is highly desirable: CISSP CCSP OSCP OSWE GWAPT CEH GIAC Cloud Security Certifications Kubernetes Security Specialist (CKS) Kubernetes Administrator (CKA) Azure Security certifications or equivalent practical experience Equivalent demonstrable experience may be considered in lieu of certifications. SOFT SKILLS Strong analytical and problem-solving abilities. Excellent communication and stakeholder management skills. Ability to translate technical risks into business impact. Strong collaboration skills across development, operations, architecture, and security teams. Self-driven with a continuous learning mindset. Ability to work independently and lead security initiatives. Company Industry IT - Software Services Department / Functional Area IT Software Keywords Application Security Engineer Get real-time job updates only on our App
Ready to apply?
You are viewing this role on JobSphere AI. Applications are completed on the original employer / source website.
Apply NowOpens the employer's site in a new tab
- CompanyPractical DevSecOps
- LocationDubai , Sharjah - United Arab Emirates (UAE)
- CategoryFullStack
- SourceNaukrigulf
- Listed9h ago
Related FullStack jobs
Senior FullStack Developer - Flutter/Node/React
Job Title: Senior FullStack Developer - Flutter/Node/ React (Arabic Speaker) Experience: 7 10 Years Employment Type: Full-Time Location: Riyadh - Saudi Arabia…
Director of Engineering
Seesaw is seeking a technically elite Director of Engineering based in Amman, Jordan, to lead and scale our regional engineering hub. You will be responsible…
Freelance Data Scraping Engineer (Python)
Mindrift is looking for highly skilled Python Data Scraping Engineers to join the Tendem project and drive specialized data scraping workflows within our…
Software Engineer
We are seeking a skilled Software Engineer to join our innovative engineering teams. As a Software Engineer, you will play a crucial role in designing…