Application Security Engineer

Avrioc Technologies is seeking an experienced Application Security Engineer with a minimum of 7+ years in a similar role. This position is ideal for a candidate with strong collaboration skills who can engage effectively with product managers, QA, and other stakeholders to prioritize security findings and define security SLAs for application vulnerabilities. The ideal candidate should have hands-on experience with a broad range of security practices and tools, particularly in penetration testing for web and mobile applications (Android/iOS). Candidates must hold at least one recognized security certification such as CEH, eMAPT, OSCP, or eWPT.

Key responsibilities include conducting manual and automated penetration testing, utilizing security tools such as Burp Suite, OWASP ZAP, MobSF, Frida, Drozer, QARK, jadx, and mitmproxy. You will analyze mobile APK/IPA files, implement vulnerability detection techniques including SAST, DAST, and SCA for web/mobile applications and their APIs, and collaborate with development teams to apply secure coding practices and remediation measures.

You will also integrate security checks into CI/CD pipelines for early prevention of vulnerabilities, conduct threat modeling and architecture reviews, test API security for issues like improper authentication and excessive data exposure, and respond to security incidents while analyzing exploitation patterns to support forensic investigations. Ensuring compliance with app store security guidelines and conducting training sessions for developers on security best practices will be essential. Additionally, maintaining internal security documentation, pentest reports, and risk assessments are part of the role.

Location: Abu Dhabi Emirate, United Arab Emirates
Work Conditions: On-site, Full-time