Senior Application Security Engineer

Client of Salt

This role sits at the intersection of engineering, DevOps, and security, driving secure coding practices and improving overall application security posture.

Key Responsibilities:

• Perform security testing across web, API, and thick client applications
• Conduct secure code reviews across multiple programming languages
• Identify and validate vulnerabilities including OWASP Top 10 and business logic flaws
• Assess API security, authentication, and authorization mechanisms
• Evaluate container security across Docker and Kubernetes environments
• Support vulnerability management, remediation tracking, and validation
• Conduct threat modelling and participate in design reviews
• Collaborate closely with development and DevOps teams to embed security into SDLC

Requirements:

• Strong hands-on experience in application security testing and code review
• Experience with SAST, DAST, SCA and security testing tools (e.g. Fortify, Checkmarx, Burp Suite, Snyk)
• Knowledge of OWASP Top 10, ASVS, and secure coding practices
• Experience with API security (OAuth, JWT, SAML)
• Exposure to container security and microservices environments
• Strong understanding of vulnerability management processes
• Certifications such as OSWE, GWAPT, CEH or similar preferred