Application Security Architect
About The Position
This Principal Application Security Engineer will lead the design, development, and deployment of an MCP (Multi‑Component Pipeline) server that integrates with enterprise AppSec scanning tools such as Checkmarx, Black Duck, and Invicti. The role combines deep application security expertise, strong backend engineering (Java-first), and the ability to architect scalable systems that onboard hundreds of applications into an automated security‑scanning ecosystem. This person will implement a new AI secure coding tool, they need someone to come in to ensure the coding is done securely. The engineer will work closely with the hiring manager, additional AppSec stakeholders. They will also collaborate with the pen testing team and interface with Corgea outputs to reduce false positives and continuously improve scanning accuracy.
Requirements
- Strong understanding of SAST, SCA and DAST tools.
- Experience specifically with Checkmarx and Black Duck.
- Ability to define appsec rules, triage false positives, and tune scanning systems.
- MCP server Integration experience - Experience setting up or integrating MCP servers with app sec environments. Knowing how MCP servers work, their components, and how they interact with scanning tools.
- Large Scale System Design Experience - Experience architecting systems that onboard and manage applications. Have a strong focus on performance, scalability, and reliability.
- Java Development experience - Experience building and hosting API's and designing scalable backend frameworks.
- Communication - Ability to articulate architectural design clearly.
- Technical authority to work with cross functional stakeholders.
Nice To Haves
- AI/LLM experience - understanding of how LLM's generate outputs and how to leverage automation. Any experience developing or integrating AI-driven product would be a NTH
Responsibilities
- Lead the design, development, and deployment of an MCP (Multi‑Component Pipeline) server.
- Integrate enterprise AppSec scanning tools such as Checkmarx, Black Duck, and Invicti.
- Architect scalable systems that onboard hundreds of applications into an automated security‑scanning ecosystem.
- Implement a new AI secure coding tool to ensure secure coding practices.
- Collaborate with the hiring manager and additional AppSec stakeholders.
- Work with the pen testing team and interface with Corgea outputs to reduce false positives and continuously improve scanning accuracy.
Benefits
- Medical, dental & vision
- Critical Illness, Accident, and Hospital
- 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
- Life Insurance (Voluntary Life & AD&D for the employee and dependents)
- Short and long-term disability
- Health Spending Account (HSA)
- Transportation benefits
- Employee Assistance Program
- Time Off/Leave (PTO, Vacation or Sick Leave)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Principal
Education Level
No Education Listed
