Job Description

Title: Cyber Security Application Security (AppSec) Lead

In-Office Expectation: 4 days in-office 1 day remote

Job Description :

• Leverage Security Scorecard and vulnerability intel sources on application side (i.e.) Invicti Checkmarx Wiz to analyze open Vulnerabilities risk posture prioritize vulnerabilities and align remediation based on CVSS scores and business criticality.
• Act as a hands-on technical lead actively fixing vulnerabilities in code and setting remediation standards for the team.
• Should have excellent knowledge of SDLC controls including PR checks severity thresholds branch protection and release gates.
• Perform secure code reviews and directly remediate vulnerabilities such as injection flaws authentication issues insecure APIs and data exposure risks.
• Translate SAST/DAST findings into practical code fixes (input validation encryption auth controls secure configurations).
• Partner with developers to triage vulnerabilities (CWE/OWASP) and drive faster remediation (MTTR reduction).
• Demonstrate strong development expertise (.NET / Java / APIs / Web apps) with ability to debug refactor and resolve security issues.
• Integrate security into CI/CD pipelines by implementing automated scanning security gates and remediation workflows.
• Oversee cloud vulnerability remediation (Wiz) prioritizing internet-facing risks identity exposure and misconfigurations.
• Establish and track AppSec KPIs (MTTR false positives recurring vulnerabilities SLA adherence) and present insights to stakeholders.
• Lead and mentor teams by providing hands-on guidance enforcing secure coding practices and driving continuous improvement in vulnerability remediation and risk reduction.

Required Qualifications :

• Bachelors degree in Computer Science Information Technology or related field with 10 15 years of experience in application development and security.
• Proven hands-on experience in secure application development (.NET / Java / APIs / Web apps) with strong expertise in identifying and fixing code-level vulnerabilities.
• Deep knowledge of application security practices including SAST/DAST tools (Checkmarx Invicti) OWASP Top 10 CWE and CVSS-based risk prioritization.
• Strong experience in DevSecOps and CI/CD integration including implementing security gates automated scanning and secure SDLC controls.

Job Tags

Similar Jobs