Java Security Testing Engineer
Job Description
OpenKyber is looking for a Senior Application Security Engineer for one of its clients (remote).
Job Title: Senior Application Security Engineer
Required Skills:
- Bachelor's degree or equivalent combination of education and experience.
- 7+ years of experience in Application and API Security within a DevSecOps environment.
- Required certifications include at least one of CISSP, CSSLP, CCSP, GSEC, CEH, CISM, or CRISC, in addition to platform-specific certifications (AWS, Microsoft, Cisco, etc.) or domain-specific certifications (OSWE, OSCP, GWAPT, or GWEB).
- Experience in Property & Casualty insurance or other regulated industries preferred.
- Proven experience securing SaaS and custom applications in complex multi-cloud environments, applying security best practices and compliance frameworks.
- Expert knowledge of secure SDLC principles, application and API security, container security, and secure coding practices.
- Deep familiarity with OWASP Top 10, OWASP API Security Top 10, and CWE in DevOps environments using TeamCity, Azure Pipelines, GitHub Actions, and Bitbucket Pipelines.
- Extensive experience automating security scans and integrating SAST, SCA, IAST, DAST, and secrets detection tools into CI/CD pipelines.
- Proficiency in managing application security tools, including SonarQube, Black Duck, Synopsys Seeker, Snyk, and Wiz Code.
- Strong understanding of modern authentication and authorization protocols, including OAuth2, OIDC, JWT, and mTLS.
- Knowledge of cryptographic protocols and standards such as SSL/TLS, SSH, PKI, and emerging quantum-resistant encryption techniques.
- Solid understanding of security standards and frameworks, including NIST CSF, NY DFS, MI DIFS, HIPAA/HITECH, MITRE ATT&CK, and domain-specific regulatory requirements.
- In-depth knowledge of common attack vectors and tactics, with a focus on proactive defence and risk mitigation.
- Proficient in vulnerability assessment and penetration testing tools, capable of identifying, analysing, and remediating vulnerabilities across applications and systems.
- Familiarity with enterprise platforms such as Guidewire, Salesforce, Databricks, and SnapLogic is preferred.
- Skilled in leading team initiatives using project management and Agile methodologies.
Work Site: Remote
Duration: Long-term
Expected Start Date: Immediate
Number of Positions: 01
For applications and inquiries, contact: [email protected]
First seen 2026-06-11 04:48:02 · Last verified 2026-06-11 04:48:02
Pentest Careers · pentestcareers.com