Level up your cybersecurity career in the global outsourcing and offshoring industry. You’ll secure the digital backbone of high-performing offshore teams powering businesses worldwide.
Job Description
As an Application Security Engineer, you’ll lead security testing efforts, automate security into CI/CD pipelines, and collaborate closely with dev and DevOps teams to embed security throughout the SDLC. You'll play a key role in securing critical applications and driving compliance with global standards.
Job Overview
Employment type: Full-Time
Shift: 08:00 AM – 05:00 PM LK Time
Work setup: Hybrid, Sri Lanka
Exciting Perks Await!
- Competitive Package
- Medical Life Insurance
- Standard government and Emapta benefits
- Well-equipped, modern, and accessible offices
- Fun engagement activities for employees
- Mentorship and exposure to global leaders and teams
- Unlimited upskilling through Emapta Academy courses (Want to know more? Visit https://bit.ly/EmaptaTrainingCalendar)
The Qualifications We Seek
- Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
- Minimum 3 years of experience in application security, secure coding, or DevSecOps roles
- Solid understanding of CI/CD tools (e.g., GitLab CI, Azure DevOps, Jenkins)
- Hands-on experience with:
  - SAST tools (e.g., SonarQube, Fortify, Checkmarx)
  - DAST tools (e.g., OWASP ZAP, Burp Suite)
  - SCA tools (e.g., Snyk, WhiteSource, OWASP Dependency-Check)
- Strong knowledge of OWASP Top 10 and common app attack vectors
- Familiarity with secure coding practices in JavaScript, Python, .NET, or Java
- Experience with container and infrastructure-as-code security (e.g., Docker, Kubernetes)
- Working knowledge of REST API security and authentication standards (OAuth, SAML, OpenID)
Your Daily Tasks
Security Testing & Assessment:
- Integrate security controls and automated checks into the CI/CD pipeline to support a secure SDLC
- Lead and conduct security tests for all application releases
- Perform manual code reviews when necessary
- Build, manage, and maintain DevSecOps tool integrations and automation scripts
- Evaluate and implement open-source or commercial AppSec tools to strengthen the pipeline
Secure Software Development Lifecycle (SSDLC):
- Execute Static Application Security Testing (SAST)
- Conduct Dynamic Application Security Testing (DAST)
- Perform Software Composition Analysis (SCA)
Risk Assessment & Threat Modeling:
- Assist with threat modeling and security design reviews for in-house applications
- Maintain a risk-based prioritization matrix for identified application vulnerabilities
Compliance & Standards:
- Define and enforce secure coding standards and best practices across development teams
- Support audit and compliance reporting related to application security (SOC 2, ISO 27001, PCI-DSS)
Collaboration and Education:
- Work with developers and DevOps teams to embed security in application design, development, and deployment
- Coordinate vulnerability management and track remediation of application flaws
- Collaborate with the Release Manager to enforce security gate checks before production deployment
Other Responsibilities:
- Perform administrative or non-administrative tasks as assigned by company representatives through written or verbal instruction