10873 - Application Security Engineer II - Cyber Defense

About The Position

Requirements

• 5+ years of experience in Application Security, Product Security, or Secure Software Engineering with hands-on experience defining and implementing Secure SDLC requirements.
• Experience integrating SAST, DAST, and open-source vulnerability scanning into CI/CD pipelines.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer science or a related field.
• Practical experience securing containerized applications and managing hardened container images.
• Strong understanding of common application vulnerabilities (e.g., OWASP Top 10), modern CI/CD workflows and DevOps practices and secure coding and build processes.
• Strong troubleshooting and collaboration skills.
• Excellent stakeholder management and communication skills.
• Proficient in English for effective communication and coordination.

Nice To Haves

• Hands on experience with industry leading Application Security tools for SAST, DAST and Opensource scanning.
• Experience with container platforms and registries (e.g., Docker, Kubernetes) and working in cloud-native application environments.
• Working knowledge of application threat modeling techniques is a plus.
• Masters degree in Cybersecurity, Information Technology, Computer Science or a related discipline is preferred.
• Industry-recognized credentials such as CISSP, CISM, or Application Security specific certifications (CSSLP, GWAPT, etc) are highly desirable.
• Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.

Responsibilities

• Define, document, and maintain Secure SDLC policies, standards, and procedures covering secure design and coding expectations, security testing requirements, and build, release, and deployment security controls.
• Partner with Engineering, Platform, and AppDev teams to ensure Secure SDLC requirements are practical, scalable, integrated into existing development workflows, and clearly communicated and understood.
• Utilizing the standardized Risk Operation processes, support governance activities, including reviews, exceptions, and continuous improvement of SDLC security requirements.
• Develop, manage, and maintain a hardened cloud container image repository for application workloads.
• Define baseline security requirements for container images, including base image selection and hardening, patch and dependency management, and runtime security considerations.
• Partner with platform and application teams to drive adoption of approved images and patterns.
• Ensure container images are scanned, updated, and versioned in alignment with security standards.
• Define and implement automated security testing within CI/CD pipelines, including SAST, DAST, and open-source and dependency vulnerability scanning.
• Tune tools and rules to balance coverage, accuracy, and developer experience.
• Ensure security testing is integrated early in the pipeline to enable remediation prior to final build and deployment.
• Partner with engineering and application teams to ensure findings from SAST, DAST, and open-source scans are incorporated into the Risk Operation function and clearly triaged and prioritized, assigned appropriate ownership, and remediated within agreed SLAs and timelines.
• Track remediation progress and escalate systemic or repeated issues.
• Validate remediation and support secure release decisions.
• Act as a trusted security partner to development and other relevant teams.
• Provide guidance on secure coding practices, vulnerability remediation, and threat patterns.
• Support application security reviews, threat modeling, and design discussions as needed.
• Contribute to continuous improvement of application security tooling, processes, and metrics.

Benefits

• The team fosters a high-performance, collaborative environment centered around proactive technology risk management and excellent customer service.
• Members are expected to lead with accountability, communicate effectively across functions, and adapt to dynamic challenges.
• The culture values technical excellence, continuous improvement, and global coordination, ensuring technology risks are well managed.