Application Security Engineer, Application Security Lead (DevSecOps / Azure DevOps)

JOB TITLE: Application Security Engineer, Application Security Lead (DevSecOps / Azure DevOps)WORK SET UP: Hybrid in Cubao, Quezon CityWORK SHIFT: Day shift(Salary is confidential , the final salary offer will depends to the client and project they will be assigned)Summary: You will embed security into the software delivery lifecycle and reduce application risk across modern cloud and containerized environments. In this role, you will partner closely with engineering, DevOps, and product teams to implement and operate scalable DevSecOps controls, including SAST, DAST, SCA, API security testing, IAST, and RASP, and drive secure-by-design practices through automation in Azure DevOps CI/CD pipelines. You will also support penetration testing activities, provide secure coding guidance, and help establish standards and metrics that improve security posture without slowing down delivery.Roles and Responsibilities:• Embed security into the SDLC by partnering with engineering and DevOps teams across planning, design, build, test, and release.• Implement and maintain application security testing programs, including:• SAST (Static Application Security Testing)• DAST (Dynamic Application Security Testing)• SCA (Software Composition Analysis)• IAST (Interactive Application Security Testing)• RASP (Runtime Application Self-Protection)• Integrate security scanning and quality gates into Azure DevOps pipelines (Build/Release), ensuring repeatable and automated controls.• Perform API security testing, including authentication/authorization validation, rate limiting checks, schema validation, and abuse testing.• Conduct and/or coordinate security penetration testing and validate remediation effectiveness.• Lead threat modeling and secure design reviews for new features, services, and architectures (microservices, serverless, containerized workloads).• Establish vulnerability triage and remediation workflows: verify findings, reduce false positives, prioritize by risk, and track to closure.• Define and promote secure coding standards and provide hands-on guidance (code review support, secure patterns, reference implementations).• Support cloud security posture for application layers across Azure, AWS, and/or GCP, including identity, secrets, network exposure, and service configurations.• Implement secrets management and secure configuration practices (e.g., key vault usage, environment hardening, least privilege).• Build dashboards and metrics to report coverage and progress (scan coverage, mean time to remediate, vulnerability trends, SLA compliance).• Evaluate and onboard AppSec tools and solutions; optimize pipelines for performance, reliability, and developer experience.• Run enablement sessions (training, brown bags) to raise developer security maturity and reduce recurring issues.• Participate in incident response activities related to application vulnerabilities, including root-cause analysis and prevention improvements.Core Technical Requirements:• Strong hands-on experience with SAST – Static Application Security Testing (