Senior Application Security Engineer
India
Job Description
About e.l.f. Beauty: e.l.f. Beauty is an industry-disrupting, hyper-growth global beauty cosmetics leader built on digital-first commerce, inclusivity, and technical accessibility. Our highly scaled digital ecosystem powers frictionless, globally distributed e-commerce experiences and community engagement workflows. Operating at the absolute cutting edge of digital marketing, mobile software applications, and web store architectures, e.l.f. Beauty delivers high-performance consumer platforms backed by robust, modern software delivery models.
Position Overview
We are seeking a highly skilled, proactive Senior Application Security Engineer to join our expanding corporate security vertical. In this execution-driven track, you will hold absolute responsibility for safeguarding our applications across the entire Software Development Lifecycle (SDLC). Operating at the critical interface of software engineering and cloud infrastructure, you will conduct manual and automated testing loops, audit source code, architect secure CI/CD DevSecOps integrations, and drive risk remediation workflows across our fast-paced global digital commerce engineering squads.
Key Responsibilities
- Multi-Platform Security Assessments: Execute thorough manual and automated penetration testing sweeps across web portals, mobile application binaries, and cloud-native containerized networks.
- DevSecOps Pipeline Integration: Collaborate directly alongside engineering squads to embed automated security testing nodes (including SAST, DAST, SCA, and IAST tools) into production CI/CD deployment channels.
- Threat Modeling & Code Review: Lead secure source code reviews, architecture risk assessments, and multi-threaded threat modeling exercises to eliminate weaknesses during system design phases.
- Incident Response Leadership: Own and lead immediate incident response remediation actions when application-layer events or zero-day security bottlenecks are identified.
- Vulnerability Lifecycle Management: Triage, track, monitor, and validate bug fixes while overseeing internal bug bounty submissions and corporate vulnerability registries.
- Security Culture Advocacy: Design and run technical security training workshops for core developers, evangelizing OWASP guidelines and cultivating a robust security-first engineering mindset.
Required Skills & Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a verified equivalent field of quantitative technical practice.
- 8+ years of total professional experience operating within technical software engineering, infrastructure operations, or IT infrastructure security environments.
- 5+ years of dedicated, hands-on experience focused specifically on Application Security (AppSec), secure software development, and deep application penetration testing.
- Strong backend and frontend comprehension across web technologies, including HTML5, JavaScript architectures, Python scripting, and secure REST API protocols.
- Comprehensive conceptual mastery over global threat classification frameworks including OWASP Top 10, SANS Top 25, CWE, and CVE mapping registries.
- Familiarity with cloud computing multi-tenant architectures (specifically AWS, Azure, or GCP) and their native identity access management and storage security components.
- Superb technical communication, reporting, and interpersonal alignment mechanics to interface comfortably between engineering squads and business stakeholders.
- Location Context: 100% remote-first workspace flexibility open to qualified application security professionals based anywhere within **India**.
Preferred Strategic Indicators (Nice to Have)
- Recognized professional industry certifications such as CSSLP, GWAPT, OSCP, or CEH.
- Direct production experience hardening container deployments and microservices orchestration layers.
- Familiarity aligning system compliance frameworks with enterprise standards including SOC 2, ISO 27001, and PCI DSS requirements.
What We Offer
- A high-stakes leadership track safeguarding the digital infrastructure of one of the world's fastest-growing beauty and digital commerce platforms.
- Highly competitive global compensation package calibrated to your specialized AppSec penetration testing depth.
- 100% remote-first operational freedom backed by a highly progressive and supportive corporate infrastructure.
- Continuous performance evaluation reviews to accelerate professional growth and compensation milestones.