Application Security Engineer (Code Review Specialist)

iSec is hiring an Application Security Engineer (Code Review Specialist)

Location: Cairo - Egypt
Experience: 2-4 Years

About the Role:

Are you passionate about securing enterprise applications at the code level?
At iSec, we're looking for an Application Security Engineer to join our technical team and lead secure code reviews, enforce regulatory compliance, and embed security into the software development lifecycle across high-impact fintech and enterprise systems.

Job Responsibilities:

  • Conduct manual and automated secure code reviews for enterprise applications written in Java and .NET.
  • Identify and remediate vulnerabilities, focusing on OWASP Top 10, CWE Top 25, and business logic flaws.
  • Ensure code complies with relevant regulatory and security standards such as PCI-DSS 4.0, PSD2, and internal security policies.
  • Support and fine-tune tools for SAST, DAST, and SCA (e.g., Checkmarx, SonarQube, Burp Suite, Snyk).
  • Perform software composition analysis and assess risks from open-source components and third-party libraries.
  • Collaborate with developers and QA teams on vulnerability triage, fix verification, and secure coding practices.
  • Support development of threat models for APIs, critical modules, and microservices.
  • Create concise technical and executive-level reports with CVSS scores and business impact analysis.

Qualification & Skills:

  • 2-4 years of hands-on experience in Application Security, Code Review, or Penetration Testing.
  • Solid understanding of secure development life cycle (SDLC) and secure coding principles.
  • Familiarity with mobile application security testing (Android/iOS) and OWASP Mobile Top 10 is preferred.
  • Practical experience with:
    • SAST tools: Checkmarx, Fortify, SonarQube
    • DAST tools: Burp Suite, OWASP ZAP
    • SCA tools: Snyk, Black Duck
  • Strong code review capabilities in at least one major language: Java, .NET.
  • Knowledge of authentication/authorization mechanisms and common flaws (OAuth, JWT, cryptography misuse).
  • Familiarity with financial industry compliance and security frameworks (PCI-DSS 4.0, 3D Secure 2.0).
  • Bonus Points for Certifications: OSWE, eWPTX, CSSLP, PCIP, QIR.