Security Software Engineer (Onsite, Lahore, PKR Salary)

Requirements:

• 1–2 years of experience in software development, with a focus on application security and vulnerability remediation.
• Strong software engineering background with hands-on coding experience.
• Proven experience remediating security vulnerabilities in production environments.
• Solid understanding of the OWASP Top 10 and secure software development principles.
• Experience with backend development using technologies such as Node.js, Python, Go, Java, or similar.
• Knowledge of authentication, session management, authorization, and API security.
• Experience reviewing, debugging, and refactoring existing codebases.
• Familiarity with Bug Bounty Programs and vulnerability disclosure workflows (e.g., HackerOne, Bugcrowd).
• Experience with static and dynamic application security testing (SAST/DAST) tools.
• Understanding of DevSecOps practices and CI/CD security integrations.
• Experience with cloud security and secure infrastructure practices.
• Knowledge of automated security testing and security monitoring tools.
• Familiarity with threat modeling and secure architecture design.

Responsibilities:

• Analyze, prioritize, and remediate security vulnerabilities identified through internal assessments and Bug Bounty Program reports.
• Develop secure, scalable, and production-ready backend and application code.
• Review and refactor existing code to address security weaknesses.
• Implement security best practices across authentication, authorization, APIs, encryption, and data protection.
• Conduct secure code reviews and recommend security-focused architectural improvements.
• Collaborate with Engineering, DevOps, and QA teams to enhance application security.
• Support the integration of security controls within the SDLC and CI/CD pipelines.
• Document vulnerability findings, remediation activities, and preventive measures.