Elfbeauty
Elfbeauty11mo ago

Senior Application Security Engineer

AhmedabadFull Timesenior
SecurityApplication Security EngineerCybersecurity
0 views0 saves0 applied

Quick Summary

Overview

About the Company e.l.f. Beauty, Inc. stands with every eye, lip, face and paw. Our deep commitment to clean, cruelty free beauty at an incredible value has fueled the success of our flagship brand e.

Technical Tools
SecurityApplication Security EngineerCybersecurity
About the Company

e.l.f. Beauty, Inc. stands with every eye, lip, face and paw. Our deep commitment to clean, cruelty free beauty at an incredible value has fueled the success of our flagship brand e.l.f. Cosmetics since 2004 and driven our portfolio expansion. Today, our multi-brand portfolio includes e.l.f. Cosmetics, e.l.f. SKIN, pioneering clean beauty brand Well People, Keys Soulcare, a groundbreaking lifestyle beauty brand created with Alicia Keys and Naturium, high-performance, biocompatible, clinically-effective and accessible skincare.

In our Fiscal year 25, we had net sales of $1 Billion and our business performance has been nothing short of extraordinary with 26 consecutive quarters of net sales growth. We are the #2 mass cosmetics brand in the US and are the fastest growing mass cosmetics brand among the top 5. Our total compensation philosophy offers every full-time new hire competitive pay and benefits, bonus eligibility (200% of target over the last four fiscal years), equity, and a hybrid 3 day in office, 2 day at home work environment. We believe the combination of our unique culture, total compensation, workplace flexibility and care for the team is unmatched across not just beauty but any industry.

Visit our Career Page to learn more about our team: https://www.elfbeauty.com/work-with-us

Position Summary
We are seeking a highly skilled and proactive Senior Application Security Engineer to join our growing security team. You will be responsible for securing our applications throughout the software development lifecycle (SDLC). This includes identifying vulnerabilities, working with development teams to remediate risks, and implementing security best practices and tools to ensure our applications are robust, secure, and compliant with relevant standards.
  • Perform manual and automated security assessments of web, mobile, and cloud applications 
  • Collaborate with development and engineering teams to embed security into SDLC (DevSecOps) 
  • Conduct secure code reviews, threat modeling exercises, and risk assessments to identify security weaknesses in application design. 
  • Implement and manage application security tools (SAST, DAST, SCA, IAST) 
  • Design and enforce security policies, standards, and procedures for application development 
  • Monitor, triage, and respond to application-layer vulnerabilities and incidents 
  • Work closely with QA and engineering teams to drive security testing and fix validation 
  • Lead the Incident Response effort for application-related security events. 
  • Stay current on the latest security threats, vulnerabilities, and industry's best practices 
  • Conduct developer training and promote a security-first culture within engineering 
  • Cross-train team members on Application Security principles. 
  • Actively participate in the broader corporate security efforts, including infrastructure security, end-user training, and vulnerability management. 
  • Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience). 
  • 8+ years in application security, secure software development, and penetration testing. 
  • Strong understanding of web technologies (HTML, JavaScript, Python, REST APIs, etc.). 
  • Experience with security tools for code security, bug bounty programs, and the ability to integrate them into CI/DC pipelines for automated security testing. 
  • Familiarity with OWASP Top 10, SANS Top 25, CWE, CVE, and secure coding practices. 
  • Knowledge of cloud environments (AWS, Azure, GCP) and their security features. 
  • Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders. 
  • Industry certifications such as CSSLP, GWAPT, OSCP, or CEH 
  • Experience with container security and CI/CD pipeline integration 
  • Familiarity with regulatory and compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS) 
  • Prior experience working in agile, DevOps, or fast-paced development environments 
  • Listing Details

    Posted
    May 9, 2025
    First seen
    March 26, 2026
    Last seen
    April 21, 2026

    Posting Health

    Days active
    26
    Repost count
    0
    Trust Level
    33%
    Scored at
    April 21, 2026

    Signal breakdown

    freshnesssource trustcontent trustemployer trust
    Newsletter

    Stay ahead of the market

    Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

    A
    B
    C
    D
    Join 12,000+ marketers

    No spam. Unsubscribe at any time.

    ElfbeautySenior Application Security Engineer