Application Security Engineer

Requirements

• Bachelor's degree in Computer Science, Engineering, or related field
• Minimum 5 years of software development or software security experience in an agile environment with strong expertise in software secure coding practices, threat modeling, and vulnerability assessment.
• Hands-on experience with SAST, DAST, IAST, and SCA tools (e.g., GitHub Advanced Security, Checkmarx, Fortify, Veracode, SonarQube, Burp Suite, ZAP).
• Deep knowledge of API security (e.g., OWASP API Top 10, GraphQL security).
• Experience in securing containerized applications (Docker, Kubernetes).
• Knowledge of supply chain security risks (e.g., SBOM, software dependency management).
• Familiarity with AI/ML security risks and adversarial machine learning techniques.
• Experience with Infrastructure as Code (IaC) security (Terraform, CloudFormation).
• Fluent in one or more programming languages, such as Python, Java, JavaScript
• Strong knowledge of secure coding principles and application security frameworks.
• Familiarity with security tools (e.g., static and dynamic analysis tools, vulnerability scanners).
• Understanding of security standards and regulations (e.g., OWASP, NIST).
• Hands-on experience securing AI/ML applications, understanding adversarial attacks, model poisoning, and data privacy risks. Str

Benefits

Additional Information

Company Description Strategy (Nasdaq: MSTR) is at the forefront of transforming organizations into intelligent enterprises through data-driven innovation. We don't just follow trends-we set them and drive change. As a market leader in enterprise analytics and mobility software, we've pioneered the BI and analytics space, empowering people to make better decisions and revolutionizing how businesses operate. But that's not all. Strategy is also leading a groundbreaking shift in how companies approach their treasury reserve strategy, boldly adopting Bitcoin as a key asset. This visionary move is reshaping the financial landscape and solidifying our position as a forward-thinking, innovative force in the market. Four years after adopting the Bitcoin Standard, Strategy's stock has outperformed every company in the S&P 500. Our people are the core of our success. At Strategy, you'll join a team of smart, creative minds working on dynamic projects with cutting-edge technologies. We thrive on curiosity, innovation, and a relentless pursuit of excellence. Our corporate values-bold, agile, engaged, impactful, and united-are the foundation of our culture. As we lead the charge into the new era of AI and financial innovation, we foster an environment where every employee's contributions are recognized and valued. Join us and be part of an organization that lives and breathes innovation every day. At Strategy, you're not just another employee; you're a crucial part of a mission to push the boundaries of analytics and redefine financial investment. Job Location Pune, India Full-time in person from Strategy Office a minimum of 4 days per week European Hours Job Description Join Strategy's IT Security group as a Senior Application Security Engineer and play a crucial role in safeguarding Strategy's software applications while using modern security and AI tooling. In this position, you will be responsible for establishing innovative security practices throughout the software development lifecycle, ensuring that our software products are resilient against novel threats and vulnerabilities. Security Architecture: Design and implement application security architecture and processes, ensuring they align with industry best practices and regulatory requirements. Secure SDLC: Manage a risk-balanced SDLC by integrating threat modeling, secure code reviews, and security testing. Vulnerability Management: Identify, triage, and remediate security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA ) tools. Security Assessments & Penetration Testing: Perform advanced penetration testing and red teaming across web, mobile, and cloud applications. Leverage exploit development techniques to identify high-risk vulnerabilities and collaborate with engineering teams for effective remediation. Secure Code Review: Analyze source code and provide security recommendations to developers to ensure adherence to secure coding best practices. Threat Modeling & Risk Analysis: Perform threat modeling to anticipate potential attack vectors and improve security architecture on complex or cross-functional components DevSecOps Enablement: Lead and enhance DevSecOps initiatives by identifying gaps and integrating security automation within CI/CD pipelines. Incident Response & Remediation: Lead security incident response related to applications and work with engineering teams to remediate threats. Security Awareness & Training: Develop and lead customized security training programs for engineering teams, focusing on OWASP Top 10, threat modeling, AI security risks, and secure coding principles.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Microstrategy1? Share your experience