A recent report suggests that 700,000 new cybersecurity professionals have joined the market since 2020. But still, we are nowhere near closing the talent gap.
LinkedIn shows only about +3k people with the "Application Security Engineer" job title.
Let's dive into the world of application security:
Application security engineers ensure that your development team follows best security practices in each step of the software development life-cycle.
Some of the responsibilities of an application security engineer can be:
There are some universities where you can study application security; however, it is more likely to depend on your efforts in training, certifications or bug bounties.
You'll be expected to be fluent in at least one programming language, and some companies are asking you to develop a small application.
You can start by joining OWASP communities and projects and also enrol many free courses:
There are also many certification programs related to application security:
According to Talent.com, the average salary of an application security engineer is around $136k annually in the United States.
Let's look at the required qualifications in the application security engineer jobs posted by some of the top companies:
Someone with experience in security automation (SAST, DAST, Fuzzing...) and Threat Modelling will be a right fit for this role.
Gaming giant Electonic Arts wants to hire someone to secure client systems (PC, mobile) and cloud infrastructure.
Someone with a security researcher background who has built vulnerability management programs and is experienced in OS internals would be successful in this role.
Amazon is looking for someone strong in the communication department in this role. You may need to explain issues to developers or even less technical persons.
Someone with a consultant background would be a good fit. A hands-on appsec experience and threat modelling experience will make your way into AWS.
As you can see, Application Security Engineer is a multi-disciplinary role. There are multi-roads to take, and in addition to technical skills, it requires effective communication skills.
Don't forget to subscribe to Kondukto Blog and get the latest tips and tools to build a mature AppSec Program.