At a Glance
- Tasks: Join our team to conduct security reviews and educate engineers on application security.
- Company: Fortinet is a leader in cybersecurity, trusted by top enterprises globally.
- Benefits: Enjoy hybrid work options, extensive training programs, and a collaborative culture.
- Why this job: Make a real impact in securing applications while working with cutting-edge technology.
- Qualifications: 5+ years in information security; strong coding skills in Java, .NET, Python, or JavaScript.
- Other info: Experience with AI concepts and mobile app penetration testing is a plus.
The predicted salary is between £43,200 and £72,000 per year.
- Job Category Product Security Engineering
- Posting Date 07/17/2025, 04:06 PM
- Job Schedule Full time
Job Description
Senior Application Security Engineer
Fortinet is looking for a Sr. Application Security Engineer to join the Corporate Information Security team. This is a highly technical role, with responsibilities including conducting security reviews of various Fortinet applications, providing security education to our engineers and handling externally reported vulnerabilities.
Key Responsibilities:
- Serve as an application security subject matter expert who provides guidance to internal teams
- Work closely with development teams; perform code reviews, penetration tests, and architectural reviews on existing code and new features.
- Develop, implement, and communicate vulnerability mitigation strategies to development teams
- Handle externally reported vulnerabilities as a member of Corporate Information Security Responsible Disclosure Program committee.
- Drive Fortinet static and dynamic application security testing program.
- Develop strategies, evaluate solutions, design and implement tools, processes and controls to ensure that security and privacy are designed in Fortinet applications
- Advise development teams on SDLC best practices.
- Proactively research new attack vectors on applications that may affect Fortinet applications and infrastructure.
- Be part of a global distributed team to share knowledge, workload and assignments. Strong sense of teamwork is required. Coach peers in application security concepts and best practices.
Required Skills/Experience:
- 5+ years of work experience as an Information Security Researcher or Engineer
- Strong understanding of the OWASP Top 10 vulnerabilities.
- Strong understanding of common API security risks
- Strong understanding of cloud-native application architecture, microservices, containerization technologies, and secure deployment and implementation issues.
- Proven experience in application penetration testing
- Proven experience in security code review
- Proven experience in application security testing (DAST, SAST, IAST, SCA) tools and processes
- Strong foundation in computer and network security, authentication & authorization, security protocols and applied cryptography
- Solid understanding of web security standards such as CSP, SOP and CORS, and of emerging web security technologies.
- Solid understanding of CI/CD pipelines, build systems and DevSecOps principles.
- Experience defining security architecture patterns and standards in a large enterprise organization.
- Experience with cloud-based security solutions and familiarity with cloud service providers, particularly in relation to application security
- Experience working with threat modeling methodologies such as STRIDE and PASTA, and with adversary-behaviour frameworks such as MITRE ATT&CK.
- Proficiency with web proxies such as Burp, OWASP ZAP or Fiddler
- Understanding of OAuth and JWT implementations.
- Ability to organize & communicate effectively, both written and verbal, with technical and non-technical people across functional teams
- A BS degree in Computer Science, Cyber Security, other tech-related degree, or equivalent experience.
- Experience in Cloud Security Posture Management (CSPM) and/or Application Security Posture Management (ASPM) tools is a plus.
- Holding an OSWE, OSCP, GWEB, GPEN or similar certificate is a plus
- Experience in Mobile Application Penetration Testing is a plus
- Familiarity with AI&ML & LLM concepts, AI Red Teaming, AI Guardrails is a plus.
About Us
Fortinet makes possible a digital world that we can always trust through its mission to protect people, devices, and data everywhere. This is why the world’s largest enterprises, service providers, and government organizations choose Fortinet to securely accelerate their digital journey. The Fortinet Security Fabric platform delivers broad, integrated, and automated protections across the entire digital attack surface, securing critical devices, data, applications, and connections from the data center to the cloud to the home office. Ranking #1 in the most security appliances shipped worldwide, more than 615,000 customers trust Fortinet to protect their businesses. And the Fortinet NSE Training Institute, an initiative of Fortinet’s Training Advancement Agenda (TAA), provides one of the largest and broadest training programs in the industry to make cyber training and new career opportunities available to everyone.
Senior Application Security Engineer employer: Fortinet, Inc.
Contact Detail:
Fortinet, Inc. Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Application Security Engineer
✨Tip Number 1
Familiarise yourself with the OWASP Top 10 vulnerabilities, as this knowledge is crucial for a Senior Application Security Engineer. Being able to discuss these vulnerabilities and how they apply to Fortinet's applications will demonstrate your expertise during interviews.
✨Tip Number 2
Showcase your experience with application penetration testing tools like Burp Suite or OWASP ZAP. Be prepared to discuss specific instances where you've used these tools to identify and mitigate security risks in applications.
✨Tip Number 3
Highlight your understanding of cloud-native application architecture and DevSecOps principles. Discuss any relevant projects where you implemented security measures in CI/CD pipelines, as this aligns closely with the responsibilities of the role.
✨Tip Number 4
Prepare to talk about your experience with threat modelling methodologies like MITRE ATT&CK or STRIDE. Being able to articulate how you've applied these methodologies in previous roles will set you apart as a candidate who can proactively address security challenges.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in application security, particularly focusing on your skills in code reviews, penetration testing, and familiarity with OWASP TOP 10 vulnerabilities. Use specific examples to demonstrate your expertise.
Craft a Strong Cover Letter: In your cover letter, express your passion for application security and how your background aligns with Fortinet's mission. Mention any specific projects or achievements that showcase your ability to handle vulnerabilities and work with development teams.
Highlight Technical Skills: Clearly list your technical skills related to the job description, such as programming languages (Java, .NET, Python, JavaScript), security testing tools (DAST, SAST), and cloud security knowledge. This will help you stand out as a qualified candidate.
Showcase Teamwork and Communication: Since the role requires collaboration with various teams, include examples of how you've successfully worked in a team environment. Highlight your ability to communicate complex security concepts to both technical and non-technical audiences.
How to prepare for a job interview at Fortinet, Inc.
✨Showcase Your Technical Expertise
As a Senior Application Security Engineer, it's crucial to demonstrate your deep understanding of application security concepts. Be prepared to discuss your experience with OWASP TOP 10 vulnerabilities, penetration testing, and secure coding practices. Highlight specific projects where you've successfully identified and mitigated security risks.
✨Prepare for Code Review Scenarios
Expect to engage in discussions about code reviews during the interview. Brush up on your skills in manually auditing source code, particularly in languages like Java, .NET, Python, or JavaScript. You might be asked to analyse sample code snippets, so practice articulating your thought process while identifying potential vulnerabilities.
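As an added example of the kind of snippet a code-review exercise might put in front of you (this is illustrative code written for this page, not Fortinet's or the listing's own material), the verifier below covers two items the listing names, the OWASP Top 10 and JWT implementations. `verify_vulnerable` trusts the token's own `alg` header, so a token with `alg: none` and no signature is accepted, and it never checks `exp`; `verify_hardened` pins the algorithm server-side, compares the signature in constant time and enforces expiry. The key, claims and timestamps are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SECRET = b"constructed-demo-secret"  # constructed sample key for this example only


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a compact HS256 JWT (header.payload.signature)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def forge_alg_none(payload: dict) -> str:
    """What an attacker sends: alg=none header, chosen claims, empty signature."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(payload).encode())}."


def verify_vulnerable(token: str, key: bytes) -> Optional[dict]:
    """The 'before' snippet: two review findings.
    1. The token's own "alg" header decides whether a signature is required.
    2. "exp" is never checked, and the signature compare is not constant-time."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") == "none":                      # finding 1
        return json.loads(_b64url_decode(body_b64))
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if _b64url_decode(sig_b64) == expected:              # finding 2 (plain ==)
        return json.loads(_b64url_decode(body_b64))      # finding 2 (no exp check)
    return None


def verify_hardened(token: str, key: bytes, now: Optional[float] = None) -> Optional[dict]:
    """The 'after' snippet: algorithm pinned, constant-time compare, expiry enforced."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        given = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":                     # server decides the algorithm
        return None
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):         # constant-time compare
        return None
    try:
        payload = json.loads(_b64url_decode(body_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:  # reject expired or exp-less tokens
        return None
    return payload


if __name__ == "__main__":
    future = 4102444800  # constructed: 2100-01-01
    forged = forge_alg_none({"sub": "alice", "role": "admin", "exp": future})
    print("vulnerable accepts forged token:", verify_vulnerable(forged, SECRET) is not None)
    print("hardened accepts forged token:  ", verify_hardened(forged, SECRET) is not None)
```

In an interview, walk through it the same way you would in a review: name the trust boundary (the `alg` header is attacker input), show the concrete bypass (`forge_alg_none`), then state the fix and the residual checks (`exp`, and in a real service also `iss`, `aud` and key rotation).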
✨Familiarise Yourself with Security Tools
Fortinet values hands-on experience with various application security testing tools. Be ready to talk about your familiarity with DAST, SAST, IAST, and SCA tools. If you have experience with web proxies like Burp or OWASP ZAP, make sure to mention it, as this could set you apart from other candidates.
✨Demonstrate Team Collaboration Skills
Since this role involves working closely with development teams, emphasise your ability to communicate effectively with both technical and non-technical stakeholders. Share examples of how you've collaborated on security initiatives, provided training, or coached peers in application security best practices to showcase your teamwork skills.