Job Opening

Job Title: Application Security Architect – AppSec Engineering & DevSecOps

Description: As an Application Security Architect, you will design and implement a scalable AppSec program across web, mobile, APIs, and cloud-native applications. You will embed security in the SDLC, lead threat modeling sessions, and ensure security tooling (SAST, DAST, SCA, IAST, etc.) is automated within DevSecOps pipelines.

Key Responsibilities:

  • Architect and scale secure SDLC and DevSecOps programs across multiple product lines.
  • Integrate and optimize security tools like SAST, DAST, SCA, and container scanning into CI/CD workflows.
  • Conduct and lead secure code reviews, threat modeling, and design reviews.
  • Define and implement AppSec standards, policies, and secure coding guidelines.
  • Collaborate with product, dev, QA, and cloud teams to shift security left.
  • Evaluate and secure third-party components, libraries, APIs, and open-source dependencies.
  • Lead mobile app security assessments (Android/iOS) using static and dynamic analysis tools.
  • Mentor developers, drive AppSec awareness, and champion secure engineering practices.

Must-Have Skills:

  • 8+ years of experience in application security, with at least 3 in an AppSec architect/lead role.
  • Deep knowledge of SAST (e.g., SonarQube, Fortify, Checkmarx), DAST (e.g., Burp Suite, ZAP), SCA, IAST, and container scanning tools.
  • Strong experience in DevSecOps pipelines using Jenkins, GitHub Actions, GitLab, Azure DevOps, or similar.
  • Expertise in secure coding practices for Java, .NET, Python, Node.js, or Go.
  • Solid experience with OWASP Top 10, ASVS, Mobile Top 10, and CWE.
  • Mobile app security testing (manual & automated) using tools like MobSF, Frida, or Drozer.
  • Experience with cloud-native security (Kubernetes, Docker, IaC scanning, secrets management).

Nice-to-Have Skills:

  • Threat modeling using STRIDE, PASTA, or similar frameworks.
  • Security certifications like OSWE, CSSLP, GWAPT, CEH, or CISSP.
  • Exposure to API security testing, GraphQL fuzzing, and BOLA identification.
  • Hands-on experience with IaC tools (Terraform, CloudFormation) and securing DevOps workflows.
  • Familiarity with bug bounty triage or managing responsible disclosure programs.

Why Join Us?

  • Build from scratch: zero legacy, maximum innovation.
  • Be part of core security leadership—shape policy, practice, and product.
  • Access to top tools, global projects, and research budget.
  • Competitive pay, ESOPs, and accelerated career growth.
  • Culture that respects security voices and rewards curiosity.

Ready to Architect the Future of AppSec?

If you’re passionate about application security and want to shape DevSecOps in a fast-moving environment, we want you on the team.
