e.l.f. Beauty
We are seeking a highly skilled and proactive Senior Application Security Engineer to join our growing security team.
You will be responsible for securing our applications throughout the software development lifecycle (SDLC). This includes
– identifying vulnerabilities,
– working with development teams to remediate risks, and
– implementing security best practices and tools to ensure our applications are robust, secure, and compliant with relevant standards.
Responsibilities:
- Perform manual and automated security assessments of web, mobile, and cloud applications
- Collaborate with development and engineering teams to embed security into SDLC (DevSecOps)
- Conduct secure code reviews, threat modeling exercises, and risk assessments to identify security weaknesses in application design.
- Implement and manage application security tools (SAST, DAST, SCA, IAST)
- Design and enforce security policies, standards, and procedures for application development
- Monitor, triage, and respond to application-layer vulnerabilities and incidents
- Work closely with QA and engineering teams to drive security testing and fix validation
- Lead the Incident Response effort for application-related security events.
- Stay current on the latest security threats, vulnerabilities, and industry’s best practices
- Conduct developer training and promote a security-first culture within engineering
- Cross-train team members on Application Security principles.
- Actively participate in the broader corporate security efforts, including infrastructure security, end-user training, and vulnerability management.
Rquirements:
- Overall 8+ years of experience
- Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
- 5+ years in application security, secure software development, and penetration testing.
- Strong understanding of web technologies (HTML, JavaScript, Python, REST APIs, etc.).
- Experience with security tools for code security, bug bounty programs, and the ability to integrate them into CI/DC pipelines for automated security testing.
- Familiarity with OWASP Top 10, SANS Top 25, CWE, CVE, and secure coding practices.
- Knowledge of cloud environments (AWS, Azure, GCP) and their security features.
- Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.
Preferred Qualifications:
- Industry certifications such as CSSLP, GWAPT, OSCP, or CEH
- Experience with container security and CI/CD pipeline integration
- Familiarity with regulatory and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS)
- Prior experience working in agile, DevOps, or fast-paced development environments
Originally posted on Himalayas
To apply for this job please visit himalayas.app.
About this role & career path
Working in India
India, officially the Republic of India, is a country in South Asia. It is the seventh-largest country by area, the most populous country in the world and, since its independence in 1947, the world's most populous democracy. Bounded by the Indian Ocean on the south, the Arabian Sea on the southwest, and the Bay of Bengal on the southeast, it shares land borders with Pakistan to the west; China, Nepal and Bhutan to the north; Bangladesh and Myanmar to the east. In the Indian Ocean, India is near Sri Lanka and the Maldives. Its Andaman and Nicobar Islands share a maritime border with Myanmar, Th
More jobs at e.l.f. Beauty
Keep exploring on Get A Job.ai
Not quite the right fit? Your next opportunity is a click away.
- Browse all jobs
- More jobs by category
- Remote jobs you can do from anywhere
- Research typical pay for this role
- Set a job alert so new matches reach you first
- Upload your resume to apply faster
Hiring instead? Post a job and reach candidates searching right now.