Application Security Engineer
codvo.ai
All India • 1 month ago
Experience: 6 to 10 Yrs
Job Description
As an Application Security Engineer at Codvo, you will play a crucial role in ensuring the security of client and internal development teams' code for CRA compliance. You will work at the intersection of security engineering and software development, focusing on embedding secure practices into both legacy and new code bases for industrial clients.
**Key Responsibilities:**
- Conduct static and dynamic code reviews for C/C++, .NET, Java, and Python languages to identify CRA/SOC2/ISO compliance gaps.
- Utilize SAST/SCA/Secrets/IaC scanners, tuning them to minimize false positives and identify vulnerabilities effectively.
- Develop secure code remediation patterns related to cryptography, authentication, logging, and Personally Identifiable Information (PII) handling.
- Collaborate closely with client developers to efficiently merge secure fixes into the code base.
- Work alongside the CRA Practice Lead to uphold compliance-aligned secure coding playbooks.
- Assist in generating compliance evidence, ensuring the availability of audit-ready artifacts.
**Required Skills & Qualifications:**
- 5-8 years of experience in Application Security Software Development.
- Proficiency in coding with C/C++, .NET, Java, and Python.
- Hands-on experience with security tools such as SonarQube, Semgrep, Snyk, Checkov, and GitHub Advanced Security.
- Knowledge of secure coding standards including OWASP, MISRA, and CERT.
- Familiarity with compliance requirements such as IEC 62443, SOC 2, and ISO 27001 in industrial settings.
**Preferred Background:**
- Previous experience in remediating code for compliance frameworks.
- Exposure to manufacturing, Oil & Gas (O&G), or industrial software systems.
- Certifications like CSSLP, CEH, OSWE, or their equivalents would be advantageous.
Posted on: March 28, 2026