Build security into every release, and shape systems used worldwide
If you're ready to be part of something bigger than vulnerability scans, this role invites you to protect modern applications at scale, embedding security where it matters most and influencing how global systems are built, tested, and deployed.
Build a global career in application security without leaving Sri Lanka. This international opportunity puts your expertise at the heart of secure software delivery: working with global teams, shaping secure design decisions, and protecting applications used across borders.
Job Description
As an Application Security Engineer, you will embed security into CI/CD pipelines, lead application security testing, and partner with developers and DevOps teams to identify, prioritize, and remediate risks, ensuring secure, compliant, and resilient software delivery.
Job Overview
Employment type: Full-time
Shift: Morning shift | Flexible shift | Weekends off
Work setup: Hybrid, Elegance Center, Colombo, Sri Lanka
Exciting Perks Await!
- Competitive package
- Medical life insurance
- Hybrid work arrangement
- Standard government and Emapta benefits
- Well-equipped, modern, and accessible offices
- Fun engagement activities for employees
- Mentorship and exposure to global leaders and teams
- Unlimited upskilling through Emapta Academy courses
The Qualifications We Seek
Education
- Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience)
Experience
- Minimum of 3 years of experience in application security, secure coding, or DevSecOps roles
Knowledge and Skills
- Strong understanding of CI/CD tools (GitLab CI, Azure DevOps, Jenkins)
- Hands-on experience with application security testing tools, including:
  - SAST (SonarQube, Fortify, Checkmarx)
  - DAST (OWASP ZAP, Burp Suite)
  - SCA (Snyk, WhiteSource, OWASP Dependency-Check)
- Strong knowledge of OWASP Top 10 and common application attack vectors
- Familiarity with secure coding practices in JavaScript, Python, .NET, or Java
- Experience with infrastructure-as-code and container security (Docker, Kubernetes)
- Working knowledge of REST API security and authentication standards (OAuth, SAML, OpenID)
Your Daily Tasks
Security Testing & Assessment
- Integrate security controls and automated checks into CI/CD pipelines to support a secure SDLC
- Lead and conduct security testing for application releases, including manual code reviews when required
- Build, manage, and maintain DevSecOps tool integrations and automation scripts
- Evaluate and implement open-source or commercial application security tools
Secure Software Development Lifecycle (SSDLC)
- Perform Static Application Security Testing (SAST)
- Perform Dynamic Application Security Testing (DAST)
- Conduct Software Composition Analysis (SCA)
Risk Assessment & Threat Modeling
- Assist with threat modelling and security design reviews for in-house applications
- Maintain a risk-based prioritization matrix for identified vulnerabilities
Compliance & Standards
Collaboration and Education
- Work closely with developers and DevOps teams to embed security into application design and deployment
- Coordinate vulnerability management and remediation tracking
- Collaborate with the Release Manager to enforce security gate checks prior to production
Other Responsibilities
- Perform administrative or non-administrative duties as assigned through written or verbal instructions



