The Mid-Level Application Security Engineer will work alongside development and DevOps teams to integrate security into the software development lifecycle (SDLC). This role focuses on SAST/DAST/SCA tooling, secure code review, CI/CD pipeline security, and promoting security by-design across engineering teams. 

• 2-4 years of experience in Application Security, Product Security, or a development role with a strong security focus.
• Strong knowledge of OWASP Top 10 (Web), OWASP API Security Top 10, and secure development practices.
• Hands-on experience with SAST, DAST, and SCA tools such as Checkmarx, SonarQube, Veracode, Semgrep, or Snyk; ability to triage and prioritize findings from automated security scanners.
• Experience integrating security tooling into CI/CD pipelines (GitHub Actions, GitLab CI, or Jenkins) and familiarity with shift-left security principles.
• Working knowledge of cloud environments (AWS, Azure, or GCP) including IAM, secrets management, and network security controls.
• Proficiency in Python, Bash, or PowerShell for automating security checks and workflows.
• Ability to write or review code from a security perspective across common languages such as Java, Python, or JavaScript.
• Experience conducting secure code reviews and participating in design review sessions.
• Basic understanding of container and Kubernetes security concepts.
• Familiarity with vulnerability scoring (CVSS) and vulnerability management processes.
• Understanding of MITRE ATT&CK framework and the Cyber Kill Chain.
• Certifications preferred: OSWE, CWEE, CDP, CDE, or equivalent.

• Opportunities for professional growth and development.
• Competitive salary and bonuses.
• Comprehensive insurance coverage.
• Supportive work environment.
• Visa Premium salary card.
• Corporate discounts and events.
• Additional vacation days.
• Discounted education and employee loans.

• Perform static (SAST), dynamic (DAST), and software composition (SCA) results analysis on products and services.
• Configure, maintain, and fine-tune security scanning tools to reduce noise and improve signal quality.
• Integrate and manage security checks within CI/CD pipelines to enforce security gates.
• Review and enhance security architecture for web, mobile, and API-based applications.
• Collaborate with DevOps teams to improve cloud security posture across AWS, GCP, and Azure.
• Investigate product security incidents and support vulnerability management processes.
• Document and promote secure coding guidelines and security standards across engineering teams.
• Participate in design and architecture reviews to ensure security-by-design principles are applied.

Kapital Bank iş mühiti, əlavə fürsətlər və digər vakansiyaları görüntüləmək üçün Kapital Bank Life səhifəsinə keçid edin.

Vakansiyalardan daha tez xəbərdar olmaq üçün Telegram kanalımıza abunə olun!