The Mid-Level Application Security Engineer will work alongside development and DevOps teams to integrate security into the software development lifecycle (SDLC). This role focuses on SAST/DAST/SCA tooling, secure code review, CI/CD pipeline security, and promoting security-by-design across engineering teams.
• 2-4 years of experience in Application Security or Product Security roles.
• Certifications preferred: OSWE, CWEE, CDP, CDE, AWS Security Specialty, or equivalent.
• Understanding of frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
• Familiarity with vulnerability scoring (CVSS) and vulnerability management processes.
• Perform static (SAST), dynamic (DAST), and software composition (SCA) analysis on products and services.
• Configure, maintain, and fine-tune security scanning tools to reduce noise and improve signal quality.
• Integrate and manage security checks within CI/CD pipelines to enforce security gates.
• Review and enhance security architecture for web, mobile, and API-based applications.
• Collaborate with DevOps teams to improve cloud security posture across AWS, GCP, and Azure.
• Investigate product security incidents and support vulnerability management processes.
• Document and promote secure coding guidelines and security standards across engineering teams.
• Participate in design and architecture reviews to ensure security-by-design principles are applied.
To see the Kapital Bank work environment, additional opportunities, and other vacancies, visit the Kapital Bank Life page.