Senior Application Security Engineer - Remote

Overview

Sagent is seeking an Experienced IS & Cyber Threat Analyst SR Engineer to join a growing information security team responsible for securing next-generation, cloud-native financial technology systems, used by some of the largest mortgage lenders and loan servicers in Chennai India. As our Senior Application Security Engineer, you will be responsible for owning Sagent’s application security program. This role will entail delivering application security standards and solutions, driving engineering teams to evolve towards a DevSecOps model, building security automation wherever possible, and serving as formidable force for the ‘secure by default’ vision across the enterprise. This role will have abundant opportunities to challenge the “status-quo” and work with cutting-edge technologies, tools, and platforms across all 3 major cloud providers (Azure, GCP, AWS).

In Short

• Develop and update application security standards, secure coding principles, and threat modeling processes.
• Maintaining CI/CD integrated application security solutions, web application firewall technologies, and related.
• Provide application security support to development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance.
• Integrate and mature application security testing and controls into different phases of teams’ development lifecycles.
• Coordinate application security program metrics and reporting.
• Support ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system.
• Develop application security training methods and mentoring of security champions.
• Partner with third party vendors to deliver software security tools and services.
• Coordinate and partner with third party offensive security (manual pen test) engagements.
• Provide expert consultation on application security requirements and best practices in relation to vulnerability scanning and secure application design.

Requirements

• Extensive combined hands-on experience in application security and software development.
• Experience building, deploying, and maturing CI/CD integrated application security tools.
• Solid understanding of web-based application technologies, web services/APIs, web-based authentication/single sign-on protocol and technologies.
• Deep experience working with various development technologies including programming languages/frameworks supporting both backend and frontend development, source control management systems, and CI/CD tooling.
• Ability to read and understand code at a high-level across most common programming languages, with any C#, Java, Javascript and NodeJS experience a plus.
• Experience with application security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Functional understanding in tooling integrations that support agile, CI/CD, and DevSecOps methodologies.
• Fundamental understanding of major cloud providers (Azure, GCP, AWS).
• Strong knowledge of software security risks and threats (OWASP top 10).
• Familiarity with “secure by design” and “shift left” security principles.
• Strong understanding of development methodologies, particularly Agile and DevOps.
• Able to explain impact of vulnerabilities and mitigating strategies to both technical and non-technical stakeholders.
• Capable taking ownership of the application security function, ability to work independently with minimal guidance and act as coach to other team members as necessary.

Benefits

• Comprehensive package including Remote/Hybrid workplace options.
• Group Medical Coverage.
• Group Personal Accidental, Group Term Life Insurance Benefits.
• Flexible Time Off.
• Food@Work.
• Career Pathing.
• Summer Fridays.
• Much more!