Professional Resume Template for

Application Security

Elena M. Rodriguez

San Francisco, CA

(415) 555-0142

elena.rodriguez@email.com

linkedin.com/in/elena-rodriguez | github.com/elenarodriguez

Professional Summary

Pragmatic Application Security Engineer with 5 years of experience implementing secure software development lifecycles (SSDLC) and DevSecOps pipelines in cloud-native environments. Specializes in automating SAST/DAST/SCA tool integration within CI/CD pipelines, conducting hands-on threat modeling for AWS architectures, and performing secure code reviews in Java, Python, and Go. Proven track record of reducing vulnerability remediation timeframes by 38% and training 120+ software developers in secure coding practices to prevent OWASP Top 10 flaws. Professional certifications include CSSLP and AWS Certified Security Specialist.

Work Experience

Application Security Engineer — Logix Financial Systems

San Francisco, CA | July 2023 – Present

  • Automated SAST and SCA scanning tools into the GitHub Actions CI/CD pipelines for 45 microservices, reducing vulnerability detection latency from 4 days to under 15 minutes.
  • Led threat modeling sessions for 14 cloud-native web applications using STRIDE methodologies, identifying and mitigating 40+ security design flaws prior to production releases.
  • Partnered with development teams to remediate 180+ critical and high vulnerabilities, resulting in a 42% decrease in overall application security risk metrics over 12 months.
  • Designed and delivered secure coding training modules covering the OWASP Top 10, lowering developer-introduced injection flaws by 55% across 8 software engineering product teams.

Associate Security Engineer — NetFlow Security

San Jose, CA | June 2021 – June 2023

  • Conducted secure code reviews and static analysis audits for 30+ Java and Python code repositories, identifying and resolving over 120 input validation and cryptographic flaws.
  • Integrated DAST tools into active test suites, enabling daily vulnerability scans that cut external penetration testing finding counts by 33% year-over-year.
  • Authored secure coding guidelines and libraries for standard authentication and encryption functions, eliminating repeat security defects in new feature development.
  • Investigated and responded to 25+ application security alerts from bug bounty programs and internal reporting channels, coordinating patches within a 72-hour average SLA.

Education

Bachelor of Science in Computer Science

Santa Clara University · Santa Clara, CA · 2021

Skills

SAST, DAST, SCA, Threat Modeling, STRIDE, Secure Code Review, Cryptography, OWASP Top 10, Penetration Testing, CI/CD Integration, AWS, Java, Python, Go, GitHub Actions, Docker, Kubernetes, Burp Suite, SonarQube, Snyk, Semgrep

Projects

Automated Security Scanning Pipeline

Role: Lead Security Engineer

Tools: GitHub Actions, Semgrep, Snyk, DefectDojo

Designed and deployed a unified DevSecOps orchestration engine, scanning 50+ repositories automatically and reducing vulnerability resolution loops from weeks to 3 days.

Microservices Threat Model Audit

Role: AppSec Engineer

Tools: AWS, Threat Dragon, Draw.io, Confluence

Conducted comprehensive STRIDE threat modeling for a new cloud financial ledger system, uncovering 12 architecture defects before coding commenced.

Certifications

  • Certified Secure Software Lifecycle Professional (CSSLP) (2023)
  • AWS Certified Security - Specialty (2022)

Additional information

  • Languages: English (Native), Mandarin (Conversational)
  • Volunteer Work: Mentoring cybersecurity students through local professional chapters (2022-present)
  • Availability: 3 weeks notice

Ready to use this template?

Customize this template

Job Market Insights

Market data and opportunities for

Application Security

Job Market Insights

$120,000

-

$170,000

Avg:

$145,000

Growth Outlook:

The demand for Application Security Engineers in the United States is expanding rapidly as organizations adopt cloud-native microservices and continuous deployment models. With regulatory environments tightening and cyber threats targeting the software supply chain, application security has shifted from a periodic compliance check to a continuous development integration. Employment for information security professionals is projected to grow by 29% from 2024 to 2034, which is significantly faster than the national average.

29% growth over 10 years

Key Skills Required

Focus on these skills when customizing your resume for recruiter screenings.

Demonstrated experience implementing security scans (SAST/DAST/SCA) directly into modern DevSecOps CI/CD pipelines || Hands-on competency conducting threat modeling using STRIDE or similar frameworks on AWS cloud microservices || Strong proficiency in manual secure code review and patch verification within Java, Python, or Go source code

Search Jobs

Explore live openings for

Application Security

roles and tailor your resume to match the market demand.

Search

FAQ

Common questions about the

Application Security

position

What does an Application Security Engineer do?
Which certifications are most valuable for Application Security Engineers?
What technical tools should an Application Security Engineer master?
Is a software development background required for this role?
How does application security differ from network security?
What is threat modeling and why is it important in AppSec?
Use this template