Intermediate Application Security Engineer - Anvil

Key Responsibilities

• Design and integrate security controls into the software development lifecycle for web and cloud‑native applications.
• Perform static and dynamic application security testing, analyze findings, and work with development teams to remediate vulnerabilities.
• Develop and maintain threat models, secure coding guidelines, and security test cases aligned with OWASP Top 10.
• Collaborate with DevOps to embed security checks into CI/CD pipelines and cloud infrastructure (AWS/Azure).
• Provide security training, code reviews, and mentorship to developers to foster a security‑first culture.

Requirements

• 2–4 years of hands‑on experience in application security, including SAST/DAST tools and secure code review.
• Proficiency in Python and Java development, with a solid understanding of common vulnerabilities and mitigation techniques.
• Experience creating threat models and applying OWASP best practices to real‑world applications.
• Familiarity with cloud platforms (AWS or Azure) and integrating security into CI/CD pipelines.
• Strong analytical and communication skills, able to translate technical findings into actionable recommendations.