Senior Application Security Engineer

Job Purpose:


As a member of the Application Security team, the Senior Application Security Engineer works closely with software engineers, architects, product management and others to help integrate tools into their build/development environments to ensure consistent application of security controls across the product portfolio. This person should be familiar with Secure Development practices and have experience helping product teams adopt these activities.

We seek a top-performing technical leader with the passion, experience and gravitas to effectively lead and contribute to this critical technology function. The ideal candidate will be a high-energy, team-oriented, customer-driven problem solver with prior experience building secure software for enterprises.


Main Duties:

  • Roll out tools and services to all Sophos Product teams
  • Design and implement frameworks and features that are instrumental in securing Sophos software and systems.
  • Guide teams in the adoption of Secure Development activities (training, threat modeling, static/dynamic analysis).
  • Participate in planning and architecture sessions with engineering management, architects, operations, and development team leads.
  • Help teams integrate fuzzing into their test environments.
  • Help product teams move to a DevSecOps way of performing application security.


Skills & Experience:

  • Minimum of 5+ years working on Application Security
  • Minimum of 5+ years working on Vulnerability Assessment & Penetration Testing
  • Minimum of 3+ years working on Threat Modelling and Security architecture reviews
  • Understand how vulnerabilities happen, and how to fix them at an architectural level.
  • Hands-on experience with static analysis security testing software.
  • Skilled with tools such as FindBugs, Coverity, Fortify, Veracode, etc.
  • Solid understanding of Software development principles.
  • Solid understanding of fuzzing
  • Developing a Vulnerability Management strategy
  • Evaluating SAST and DAST solutions
  • Rolling out an Application Security training program
  • Experience with Python scripting and automation
  • Experience with AWS, Jenkins and DevSecOps
  • Experience responding to and investigating security events and tracking remediation
  • Ability to get up to speed on new security frameworks and concepts
  • Experience with application security, OWASP Top 10, SAST, and DAST solutions
  • Willingness to be a security generalist and wear multiple hats
  • Excellent analytical and troubleshooting skills and demonstrated ability to investigate and solve complex problems, including solving critical production issues in complex systems and investigating and determining root causes.
  • Technical acumen to lead the creation of both system-level and service-level designs in collaboration with other technical experts.
  • Familiarity with Threat Modeling and Secure Development in general.
  • Understanding of how to build tools, frameworks and services that will be consumed by other development teams.
  • Penchant for automating everything, and in particular, experience tackling the challenges of building frameworks for cloud platforms, automating deployments to them, and monitoring and maintaining their health.
  • Understanding of common standards / processes / tools and the ability to leverage them where possible.
  • Excellent in verbal and written communication, and able to constructively discuss and convey differing ideas, approaches, and perspectives, particularly in written communications.
  • Eagerness to learn the world of Internet security and the Sophos product suite.
  • Occasionally required to be available out-of-hours.


Equal Opportunities

Sophos is committed to equal opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation.

If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. If you have any questions about Sophos’ data protection practices, please contact

Additional Info

Job Type : Full-Time