Application Security Engineer

Company Description

Strategy (Nasdaq: MSTR) is at the forefront of transforming organizations into intelligent enterprises through datadriven innovation. We dont just follow trends we set them and drive change. As a market leader in enterprise analytics and mobility software weve pioneered the BI and analytics space empowering people to make better decisions and revolutionizing how businesses operate.

But thats not all. Strategy is also leading a groundbreaking shift in how companies approach their treasury reserve strategy boldly adopting Bitcoin as a key asset. This visionary move is reshaping the financial landscape and solidifying our position as a forwardthinking innovative force in the market. Four years after adopting the Bitcoin Standard Strategys stock has outperformed every company in S&P 500.

Our people are the core of our success. At Strategy youll join a team of smart creative minds working on dynamic projects with cuttingedge technologies. We thrive on curiosity innovation and a relentless pursuit of excellence.

Our corporate valuesbold agile engaged impactful and unitedare the foundation of our culture. As we lead the charge into the new era of AI and financial innovation we foster an environment where every employees contributions are recognized and valued.

Join us and be part of an organization that lives and breathes innovation every day. At Strategy youre not just another employee; youre a crucial part of a mission to push the boundaries of analytics and redefine financial investment.

Job Description

Join Strategys IT Security group as an Application Security Engineer and play a crucial role in safeguarding Strategys software applications while using modern security and AI tooling. In this position you will be responsible for integrating security practices throughout the software development lifecycle ensuring that our software products are resilient against vulnerabilities.

• Secure SDLC Integration: Work closely with development teams to integrate security into the SDLC including threat modeling secure code reviews and security testing.

• Vulnerability Management: Identify triage and remediate security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA tools.

• Security Assessments & Penetration Testing: Conduct manual and automated penetration testing of web mobile and cloud applications to detect security flaws.

• Secure Code Review: Analyze source code and provide security recommendations to developers to ensure adherence to secure coding best practices.

• Threat Modeling & Risk Analysis: Perform threat modeling to anticipate potential attack vectors and improve security architecture.

• DevSecOps Enablement: Support and enhance DevSecOps initiatives by integrating security automation within CI/CD pipelines.

• Incident Response & Remediation: Assist in investigating security incidents related to applications and work with engineering teams to remediate threats.

• Security Awareness & Training: Educate and mentor developers on OWASP Top 10 SANS 25 and other security best practices.

Qualifications

• Bachelors degree in Computer Science Engineering or related field

• Minimum 2 years of software development or software security experience in an agile environment

• Handson experience with SAST DAST IAST and SCA tools (e.g. Checkmarx Fortify Veracode SonarQube Burp Suite ZAP).

• Fluent in one or more programming languages such as Python Java JavaScript

• Strong knowledge of secure coding principles and application security frameworks

• Familiarity with security tools (e.g. static and dynamic analysis tools vulnerability scanners)

• Understanding of security standards and regulations (e.g. OWASP NIST)

• Handson experience with Generative AI and/or ML in creating innovative applications that enhance productivity and efficiency coupled with a strong eagerness to learn 

• Experience with cloud security best practices in AWS Azure or GCP.

• Strong work ethic with a commitment to meeting business needs and effectively collaborating with global colleagues

• Effective interpersonal skills; ability to collaborate successfully with both technical and nontechnical stakeholders

• Ability to articulate complex technical concepts with clarity supported by effective written and verbal communication skills

Job Location

Application Security Engineer

• Pune India

• Fulltime in person from Strategy Office a minimum of 4 days per week

Additional Information

The recruitment process includes online assessments as a first step (English logic design technical) we send them via email please check also your SPAM folder

Remote Work :

No

Employment Type :

Fulltime