Application Security Specialist – SAST & DAST

As an Application Security Specialist, you will operate within a Managed Services environment, ensuring the secure development and deployment of applications. You will collaborate with development and infrastructure teams to embed security throughout the DevSecOps lifecycle, leveraging industry best practices and advanced security tools. Key Responsibilities: Adhere to established procedures and Service Level Agreements (SLAs) for DevSecOps services. Apply in-depth application security engineering principles to support secure development practices, including design and architecture reviews, threat modeling, secure coding, testing, and build processes. Ensure secure deployment baselines and understand secure application environments and exception handling. Utilize technology-driven tools to enhance the reliability and efficiency of monitoring and management processes. Conduct manual and automated security assessments of applications. Collaborate with development teams on defect triage and remediation based on vulnerability priorities. Serve as a bridge between application development and infrastructure teams, integrating security practices across operations. Analyze and investigate application security events, including emerging threats. Monitor application threat actors and associated tactics, techniques, and procedures (TTPs). Required Qualifications: 5–8 years of experience in application security, development, testing, and security operations. Strong interest and expertise in application vulnerabilities, secure coding, and infrastructure. Solid analytical and problem-solving skills. Experience interpreting data from application security tools and monitoring systems. Knowledge of OWASP Top 10, SANS Secure Programming, and security engineering practices. Proficiency with DAST tools (e.g., WebInspect, AppScan) and SAST tools (e.g., Checkmarx, Fortify). Code review experience in languages like .NET, Java, Swift, and Objective-C. Familiarity with CVSS and vulnerability risk assessment. Experience integrating security tools into CI/CD pipelines (e.g., Jenkins, Bamboo, TeamCity). Knowledge of serverless and cloud-based environments. Experience in penetration testing across mobile, desktop, and web applications. Experience with container technologies such as Docker and Kubernetes. Strong communication skills. Proficiency in scripting languages for automation and complex queries.

Alignity Solutions Do you love a career where you Experience, Grow & Contribute at the same time, while earning at least 10% above the market? If so, we are excited to have bumped onto you. Learn how we are redefining the meaning of work, and be a part of the team raved by Clients, Job-seekers and Employees.