Application Security Engineer

Job Description

Join Constructor Knowledge as an Application Security Engineer and help secure our web applications and APIs. Responsibilities include threat modeling, security architecture review, and manual and automated security testing. You'll also design and implement security pipelines, manage SBOM processes, and collaborate with development teams to remediate vulnerabilities. Stay updated on the latest security threats and provide training to development teams.

Qualifications

1. 3–5 years of experience in application security, with a focus on web applications and API security. 2. Good knowledge of at least one scripting or programming language (e.g., Python, JavaScript, C#, or Go). 3. Experience with tools like OWASP ZAP, Burp Suite, Snyk, or similar. 4. Familiarity with secure coding, DevSecOps, and container security concepts. 5. Strong understanding of CVE, CVSS, and vulnerability disclosure workflows. 6. Excellent command of business English. 7. Preferred Qualifications: 8. Knowledge of SBOM standards (CycloneDX, SPDX) and experience integrating SBOM tooling into CI/CD pipelines. 9. Knowledge of software composition analysis (SCA) tools.