Certification – July 2019

(C. Jardin) #1
JOB PROFILE
APPLICATION SECURITY ADMINISTRATOR

This means a rapidly escalating level of sensitive data is being shared online. And with e-mail, mobile, and web applications increasingly targeted by eager attackers, securing applications and data becomes a more important priority every day. It’s no longer enough to just protect your network and endpoints. Applications that aren’t locked down have become a major liability.

In May, Equifax became the first company to suffer a business rating downgrade as a direct result of a cyberattack — the enormous 2017 breach that remains a painful thorn in the company’s side. This can happen to any enterprise that handles sensitive data. Just one vulnerable application can increase a company’s risk of suffering a data breach.

The number of companies that are moving cybersecurity to the top of their list of priorities is increasing. This is why more and more enterprises are hiring application security engineers. And right now, application security engineers are being hired at premium salaries.

According to jobs site Indeed, the average annual salary for an application security engineer in the United States is $131,762, which is higher than the average annual salaries estimated by Indeed for IT security specialists ($117,641) and security engineers ($103,214).


Job responsibilities


An application security engineer is responsible for implementation of secure practices and technologies at each stage of the Software Development Life Cycle (SDLC). The engineer is also expected to support application developers through each phase of the SDLC.


Application security engineers are generally required to have some degree of direct involvement in the following:

• Define and maintain security policies, procedures, and best practices for application development.
• Gather security requirements and update and develop security policies and standards, and ensure implementation of the same during the planning stage.
• Review application design in collaboration with developers.
• Perform threat modeling. This entails compiling an inventory of assets, identifying the impact of each existing and planned application on these assets, defining each application’s risk profile, documenting all security incidents and countermeasures taken, and ascertaining potential risks.
• Assess the security of third-party applications and ensure these conform to company security standards.
• Review existing application code for vulnerabilities, identify root causes of vulnerabilities, and define measures to remove these risks.
• Recommend technologies and industry best practices for creating code.
• Ensure application security controls are adequate and implemented in accordance with company security policies and standards.
• Perform penetration testing and vulnerability analysis.
• Develop, implement, and maintain security tools and procedures.