Principal Application Security Engineer

Model N Global Information Security team is seeking a Principal Application Security Engineer with deep expertise and a proven track record in Application/Product Security domain. If youre passionate about security and thrive in a collaborative environment, this is the perfect opportunity for you.

The role requires managing and supporting Application Security discipline, maturing vulnerability management program, integrating security within CI/CD environments and implementing advanced DevSecOps practices. This role is crucial in shaping our application security strategy, driving the "Shift Left" approach, and ensuring that security is embedded throughout our software development lifecycle.

If you are an innovative thinker with extensive experience in application security and a passion for fostering a security-first culture, we invite you to apply.

Job Responsibilities:

• Operations in Security Integration: Architect and implement advanced security measures into our CI/CD pipeline, ensuring seamless automation of security testing, vulnerability management, and compliance validation across all development phases.
• Comprehensive Threat Modeling: Lead and facilitate thorough threat modeling sessions with cross-functional teams, identifying and prioritizing potential risks and vulnerabilities during the design and development stages.
• Advanced Code Analysis: Conduct expert-level static and dynamic code analysis, providing in-depth feedback and mentorship to developers on secure coding practices, while ensuring adherence to security standards.
• Tooling Innovation: Research, evaluate, and implement state-of-the-art application security tools (SAST, DAST, SCA) to automate testing processes and enhance vulnerability reporting, ensuring that security measures evolve alongside emerging threats.
• Incident Response Excellence: Collaborate with incident response teams to analyze and mitigate security incidents, developing and refining processes to learn from incidents and strengthen defenses.
• Robust Training and Advocacy: Design and deliver comprehensive security training programs for developers and stakeholders, promoting a proactive security culture and enhancing awareness of application security best practices.
• Policy Development and Governance: Drive the creation and continuous improvement of application security policies, standards, and frameworks, ensuring alignment with industry best practices, regulatory requirements, and business objectives.
• Risk Management & Remediation: Drive the risk reduction with Products, Platforms and Infrastructure by recommending security remediation approach and participating in risk reduction planning/strategy. Continue to scale Risk Remediation program by supporting risk backlog and other opportunities to reduce risk.
• Strategic Cross-Functional Collaboration: Engage effectively with DevOps, product management, product development, project managers, cloud operations and engineering, and IT teams to ensure security is integrated into the product development process, fostering a culture of shared responsibility for security.

Job Qualifications:

Education: Bachelors degree or equivalent in Computer Science, Information Security, or a related field; advanced degrees preferred.

Experience: 7+ years of hands-on experience in application security, with significant expertise in CI/CD and DevSecOps environments.

Technical Expertise:

Mastery of leading application security tools (e.g., Checkmarx, Qualys, Burp Suite, Rapid 7, Tenable, Snyk etc.) and methodologies.

In-depth knowledge of web application vulnerabilities (OWASP Top 10) and secure coding frameworks (e.g., OWASP ASVS).

Proficient in containerization technologies (Docker, Kubernetes) and securing cloud environments (AWS, Azure, GCP).

Certifications: Industry-recognized certifications such as CISSP, CISM, CEH, or CSSLP are strongly preferred but not required.

Exceptional Soft Skills: Project planning, communication, and collaboration skills, with the ability to influence and drive change across diverse teams.

If youre excited about embedding security into the development lifecycle and driving a Shift Left culture, we want to hear from you! Join us and be part of something amazingwhere your contributions make a real difference!