Application Security Engineer - DevSecOps
Technology
Ryder System | Boston, United States | 2 days ago | Until 6/7/2026
Full time | On-site
Job description
Requirements
Must have:
- Bachelor's degree in Computer Science, Information Security, or a related field
- Over five years of experience with OWASP, SAST, DAST, SCA, RASP, and common security tools
- A minimum of seven years in application security, security engineering, or software development
- Extensive knowledge of web application security and prevalent attack vectors (e.g., SQL injection, XSS, CSRF)
- Experience in secure coding practices, threat modeling, and secure software development lifecycle (SDLC) methodologies
- Proven track record in diagnosing, isolating, and resolving complex issues
- Familiarity with systems integration processes, methodologies, and tools
- Development and scripting expertise for at least seven years
- Background in API and Web Security
- Three years of experience with WAF or similar application security infrastructure is a plus
- Seven years or more experience in integrating security within CI/CD and DevOps environments
- Experience in process or operational management for six years or more
- Six years of experience in Value Stream Mapping, Continuous Flow, and Pull Replenishment process improvements
- Excellent verbal and written communication skills with the ability to engage effectively with cross-functional teams
- Capability to maintain professional relationships across all levels of the organization
- Flexibility to work independently or collaboratively within a team
- Strong multitasking abilities and impeccable time management skills
- Proficiency in at least one programming language (e.g., Python, .NET, JavaScript) with .NET preferred
- Advanced proficiency in at least one scripting language (e.g., PowerShell, bash)
- In-depth understanding of NIST framework, PCI, ISO 27001, SOC, SOX, CCPA, GDPR, and other global regulations
- Expertise in CI/CD utilizing Azure DevOps, Terraform, or comparable automation technologies
- Knowledge in risk management findings, vulnerability prioritization, threat modeling, and mitigation strategies
- Preferred certifications include CISSP, OSCP, CASE, or equivalent industry-recognized credentials
Responsibilities:
- Conduct security assessments of our applications using both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) methodologies
- Collaborate closely with software development teams to embed security practices throughout the development lifecycle
- Evaluate security across web, mobile, and other applications and analyze findings to pinpoint vulnerabilities while providing remediation guidance
- Design and enact secure software development protocols, including threat modeling and secure coding standards
- Stay informed about security threats, trends, and technologies to recommend new security measures as required
- Lead application security investigations and deliver recommendations to reduce risk
- Maintain security documentation, serve as a subject matter expert, and collaborate on security policies, procedures, and standards
- Undertake additional duties as necessary as assigned
Company:
We are looking for a passionate and seasoned Application Security Engineer to be part of our expanding security team. This technical role requires a deep understanding of application security, data privacy, and secure software development practices. Our ideal candidate will assess security across our organization's applications while collaborating with development teams to ensure that security measures are integrated effectively. We prioritize staying abreast of the latest security trends and technologies, which are woven into our overarching security strategy. This position offers competitive compensation in the range of $110,000 to $130,000, along with a comprehensive suite of benefits including health insurance, paid time off, and a 401(k) retirement plan. We pride ourselves on being an Equal Opportunity Employer committed to a diverse and inclusive workplace.
Keywords
Tea, Microsoft Excel, Coding, Waf, JavaScript, DevOps, Asp, Powershell, Python, Sql, Vulnerability, CI/CD, Coding conventions, ASP.NET, Active Server Pages