Senior Application Security Engineer
Publication date
17-04-2025
Closing date
16-05-2025
Schedule type
Full Time
Categories
Information Technology
Job Description
The Company
ISA Consulting is an IT company offering end-to-end solutions in Digital Transformation, Digital Consulting and Business Process Services – supporting all Tech Stacks. Collectively we service a multitude of clients across industries and company verticals. Our team brings together some of the brightest Full Stack Developers, Data Engineers, Architects, Project Managers, Quality Analysts, and Strategists, spanning multiple time zones.
Job Summary
We are a rapidly growing global software development company looking for a hands-on Senior Application Security (AppSec) Engineer to champion security throughout our engineering culture. In this role, you’ll help shape and lead our AppSec strategy, drive secure software practices across the SDLC, and serve as a trusted partner to Development, Product, and DevOps teams. You’ll lead by example: building scalable security tooling, guiding threat modeling, and mentoring engineers to make secure coding second nature. If you thrive at the intersection of engineering and security – and love solving problems at scale – this one’s for you.
Responsibilities & Duties
Application Security Program Development:
- Partner with software engineering and product teams to embed security across all stages of the SDLC (design, development, testing, deployment).
- Lead threat modeling sessions, drive secure design and code reviews, and perform application-level risk assessments.
- Define, maintain, and enforce secure coding standards, guidelines, and reusable security patterns across development teams.
Development Security Operations (DevSecOps):
- Design, implement, and maintain scalable security tooling and automation (e.g., SAST, DAST, SCA, IaC scanning).
- Collaborate with development teams to identify gaps and harden CI/CD pipelines.
- Automate service management processes to improve response time and consistency.
- Establish and manage continuous security testing protocols within development workflows.
Vulnerability Management & Remediation:
- Conduct vulnerability assessments, triage and prioritize findings from scans, pen tests, and bug bounty programs.
- Work directly with engineering teams to ensure timely and effective vulnerability remediation.
- Lead root cause analysis and support incident response for application-layer security issues.
- Support incident response and root cause analysis for application-level security incidents.
System Performance and Security:
- Monitor system performance proactively, identify bottlenecks, and optimize configurations to improve scalability and efficiency.
- Configure and manage secure, role-based access controls, permission schemes, and page-level restrictions to protect sensitive data.
- Troubleshoot and resolve system issues to minimize downtime and ensure system reliability.
Security Champion & Developer Enablement:
- Serve as a hands-on security advisor to developers by offering training, guidance, and support on secure software development practices.
- Build and lead the Application Security Champions program to increase security awareness and ownership across engineering teams.
Leadership & Mentorship (Team Lead Focus):
- Mentor junior AppSec engineers and foster professional growth through coaching and knowledge sharing.
- Provide technical leadership and represent Application Security in security and engineering forums.
- Align security initiatives and roadmap priorities with broader engineering and business objectives.
Requirements and Skills
- Broad Expertise: Deep understanding of the Secure Software Development Lifecycle (SSDLC), with experience embedding security practices throughout Agile and DevOps environments.
- Autonomous & Collaborative: Ready to take ownership of your role, with the ability to work independently and effectively with remote teams.
- Curiosity & Investigative Mindset: Naturally curious with a strong investigative mindset, always eager to dig deeper into potential issues to identify the best outcome.
- Proactive Problem Solver: Capable of anticipating and addressing issues before they escalate.
Education & Experience
- BS or MS in Computer Science, Information Technology, or equivalent coursework preferred.
- 5+ years of experience in Application Security, Secure Software Development, DevSecOps, or related technical security roles.
- Proven hands-on experience identifying and mitigating application vulnerabilities through both manual techniques and security tools (SAST, DAST, SCA, and dynamic analysis platforms).
- Hands-on knowledge of cloud security principles and best practices for securing applications in AWS, Azure, or GCP environments.
- Professional certifications such as OSCP, OSWE, CSSLP, GWEB, or CISSP preferred.
Hiring Policy
This job description may evolve over time. ISA Consulting is dedicated to diversity and inclusion, ensuring a fair workplace for all, regardless of race, color, religion, gender, national origin, age, disability, or any other protected status.