Job Category Product Security EngineeringPosting Date 07/17/2025, 04:06 PMJob Schedule Full timeJob DescriptionSenior Application Security EngineerFortinet is looking for a Sr. Application Security Engineer to join the Corporate Information Security team. This is a highly technical role, with responsibilities conducting security reviews on various Fortinet applications, providing security education to our engineers and handling externally reported vulnerabilities.Key Responsibilities:Serve as an application security subject matter expert who provides guidance to internal teamsWork closely with development teams, perform code reviews, penetration tests, and architectural reviews on existing codes and new features.Develop, implement, and communicate vulnerability mitigation strategies to development teamsHandle externally reported vulnerabilities as a member of Corporate Information Security Responsible Disclosure Program committee.Drive Fortinet static and dynamic application security testing program.Develop strategies, evaluate solutions, design and implement tools, processes and controls to ensure that security and privacy are designed in Fortinet applicationsAdvise development teams on SDLC best practices.Proactively research new attack vectors on applications that may affectFortinet applications and infrastructure.Be part of a global distributed team to share knowledge, workload and assignments. Strong sense of teamwork is required. Coach peers in application security concepts and best practices.Required Skills/Experience:5+ years of work experience as an Information Security Researcher or EngineerStrong understanding on OWASP TOP 10 vulnerabilities.Strong understanding of common API security risksStrong understanding on Cloud-Native application architecture, microservices, containerization technologies, secure deployment and implementation issues.Proven experience in application penetration testingProven experience in security code reviewProven experience in application security testing (DAST, SAST, IAST, SCA) tools and processesStrong foundation in computer and network security, authentication & authorization, security protocols and applied cryptographySolid understanding with web security standards such as CSP, SOP, CORS, and emerging web security technologies.Solid understanding on CI/CD pipelines, build systems and DevSecOps principles.Experience defining security architecture patterns and standards in a large enterprise organization.Experience with cloud-based security solutions and familiarity with cloud service providers, particularly in relation to application securityExperience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc.Efficiency with web proxies such as Burp or OWASP ZAP or FiddlerUnderstanding of OAuth and JWT implementations.Ability to organize & communicate effectively, both written and verbal, with technical and non-technical people across functional teamsA BS degree in Computer Science, Cyber Security, other tech-related degree, or equivalent experience.Experience in Cloud Security Posture Management (CSPM) and/or Application Security Posture Management (ASPM) tools is a plus.Having OSWE OSCP, GWEB, GPEN or similar certificate is a plusExperience in Mobile Application Penetration Testing is a plusFamiliarity with AI&ML & LLM concepts, AI Red Teaming, AI Guardrails is a plus.#LI-HybridAbout UsFortinet makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 615,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone. #J-18808-Ljbffr