SDE-2 Security Engineer

Job Description We are seeking a highly skilled and experienced Security Engineer 2 (SD2) with a strong focus onApplication Security (AppSec) to join our security team. In this role, you will be responsible for conducting advanced penetration testing, identifying and remediating vulnerabilities, and strengthening the overall security posture of our systems. You will also play a critical role in security monitoring, reviewing security architecture, and collaborating with cross-functional teams to ensure the implementation of robust security controls. This position is ideal for a security professional who is deeply knowledgeable about application security, thrives on solving complex security challenges, and has a proactive approach to safeguarding systems and data. Key Responsibilities Application Security and Penetration Testing Perform advanced penetration testing on applications, APIs, and infrastructure to identify vulnerabilities and misconfigurations. Analyze application designs and architectures to detect potential security issues and recommend improvements. Collaborate with developers to provide actionable remediation guidance and secure coding practices.Security Monitoring and Incident Response Develop, implement, and monitor security alerts and dashboards for real-time threat detection. Investigate and respond to security incidents, ensuring root cause analysis and resolution. Review and improve existing monitoring tools and techniques for detecting anomalous behavior.Security Architecture Review Conduct comprehensive reviews of security architectures for new and existing systems. Work with engineering teams to integrate security controls into the software development lifecycle (SDLC). Provide security guidance during design, development, and deployment phases. General Responsibilities Stay updated on the latest security vulnerabilities, tools, and industry trends. Develop tools and processes to enhance the efficiency of security assessments and monitoring. Provide mentorship and guidance to junior security engineers (L1/SD1). Document findings, proof-of-concept exploits, and remediation strategies in clear and detailed reports. Ensure compliance with relevant security standards and frameworks (e.g., OWASP, NIST, ISO 27001).Requirements Qualifications: Bachelor s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience). 3-5 years of hands-on experience in Application Security, Security Monitoring, or related roles.Skills and Competencies: Expertise in manual penetration testing tools and techniques (e.g., Burp Suite, OWASP ZAP, Metasploit). Deep understanding of application security vulnerabilities (e.g., OWASP Top Ten) and mitigation strategies. Strong experience in security monitoring tools (e.g., Splunk, ELK, SIEM solutions) and threat detection techniques. Hands-on experience with security architecture reviews and risk assessments. Familiarity with DevSecOps practices and tools (e.g., SAST, DAST, IAST). Knowledge of cryptography, secure protocols, and secure application design principles. Experience with scripting and automation (e.g., Python, Bash) is highly desirable. Strong analytical, troubleshooting, and problem-solving skills. Excellent verbal and written communication skills, including the ability to convey technical details to non-technical stakeholders.