Application Security Engineer

Responsibilities

• Design, implement, and maintain secure CI/CD pipelines using Azure DevOps and automate security testing within the SDLC.
• Conduct secure code reviews for technologies including .NET, C#, Python, JavaScript, React, and Node.js.
• Perform hands-on Vulnerability Assessment and Penetration Testing (VAPT) across web applications, APIs, mobile (iOS/Android), and cloud-hosted environments.
• Lead threat modeling exercises using STRIDE to identify architectural risks and recommend mitigation strategies.
• Implement and manage security controls for Microsoft Azure services, including AKS, Azure Key Vault, and Microsoft Entra ID.
• Secure containerized workloads by implementing image scanning, Kubernetes hardening, and runtime protection.
• Support compliance with regulatory frameworks such as NCA ECC/CCC, ISO 27001, and PDPL.

Requirements

• 6–8 years of experience in DevSecOps, Application Security, or Cloud Security.
• Minimum 4 years of hands-on experience with Microsoft Azure security.
• Proven expertise in performing VAPT and STRIDE-based threat modeling.
• Strong proficiency in securing CI/CD pipelines and cloud-native/containerized applications.
• Experience with secure code review and proficiency in scripting (PowerShell, Python, or Bash).
• Experience working within Agile and DevOps environments.

Preferred Qualifications

• Relevant certifications such as CISSP, CCSP, OSCP, OSWE, or CKS/CKA.
• Experience with Azure Security certifications.
• Proficiency with security tools like Microsoft Defender for Cloud, GitHub Advanced Security, SonarQube, or Burp Suite Professional.

About the Company

Practical DevSecOps is dedicated to driving secure software development and cloud security initiatives through expert-led engineering and DevSecOps integration.