Principal Application Security Engineer

Model N Global Information Security team is seeking a Principal Application Security Engineer with deep expertise and a proven track record in the Application/Product Security domain. This is the perfect opportunity if you’re passionate about security and thrive in a collaborative environment.

The role requires managing and supporting the Application Security discipline, maturing the vulnerability management program, integrating security within CI/CD environments, and implementing advanced DevSecOps practices. This role is crucial in shaping our application security strategy, driving the "Shift Left" approach, and ensuring that security is embedded throughout our software development lifecycle.

If you are an innovative thinker with extensive experience in application security and a passion for fostering a security-first culture, we invite you to apply.

Job Responsibilities

• Operations in Security Integration: Architect and implement advanced security measures into our CI/CD pipeline, ensuring seamless automation of security testing, vulnerability management, and compliance validation across all development phases.
• Comprehensive Threat Modeling: Lead and facilitate thorough threat modeling sessions with cross-functional teams, identifying and prioritizing potential risks and vulnerabilities during the design and development stages.
• Advanced Code Analysis: Conduct expert-level static and dynamic code analysis, providing in-depth feedback and mentorship to developers on secure coding practices, while ensuring adherence to security standards.
• Tooling Innovation: Research, evaluate, and implement state-of-the-art application security tools (SAST, DAST, SCA) to automate testing processes and enhance vulnerability reporting, ensuring that security measures evolve alongside emerging threats.
• Incident Response Excellence: Collaborate with incident response teams to analyze and mitigate security incidents, developing and refining processes to learn from incidents and strengthen defenses.
• Robust Training and Advocacy: Design and deliver comprehensive security training programs for developers and stakeholders, promoting a proactive security culture and enhancing awareness of application security best practices.
• Policy Development and Governance: Drive the creation and continuous improvement of application security policies, standards, and frameworks, ensuring alignment with industry best practices, regulatory requirements, and business objectives.
• Risk Management & Remediation: Drive the risk reduction with Products, Platforms and Infrastructure by recommending security remediation approach and participating in risk reduction planning/strategy. Continue to scale Risk Remediation program by supporting risk backlog and other opportunities to reduce risk.
• Strategic Cross-Functional Collaboration: Engage effectively with DevOps, product management, product development, project managers, cloud operations and engineering, and IT teams to ensure security is integrated into the product development process, fostering a culture of shared responsibility for security.

Job Qualification

• 8+ years of hands-on experience in application security, with significant expertise in CI/CD and DevSecOps environments.
• Mastery of leading application security tools (e.g., Checkmarx, Qualys, Burp Suite, Rapid 7, Tenable, Snyk etc.) and methodologies.
• In-depth knowledge of web application vulnerabilities (OWASP Top 10) and secure coding frameworks (e.g., OWASP ASVS).
• Proficient in containerization technologies (Docker, Kubernetes) and securing cloud environments (AWS, Azure, GCP).
• Industry-recognized certifications such as CISSP, CISM, CEH, or CSSLP are strongly preferred but not required.
• Project planning, communication, and collaboration skills, with the ability to influence and drive change across diverse teams.
• BE/BTech or equivalent in Computer Science, Information Security, or a related field; advanced degrees preferred.

About Model N

Model N is the leader in revenue optimization and compliance for pharmaceutical, medtech and high-tech innovators. For the last 25 years, our intelligent platform has powered digital transformation for pharmaceutical, medtech, and high-tech companies with integrated technology, data, analytics, and expert services that deliver deep insight and control. Our integrated cloud solution is proven to automate pricing, incentive and contract decisions to scale business profitably and grow revenue. Model N is trusted across more than 120 countries by the world’s leading companies, including Johnson & Johnson, AstraZeneca, Stryker, Seagate Technology, Broadcom, and Microchip Technology. For more information, visit www.modeln.com