10873 - Application Security Engineer II - Cyber Defense

About The Position

Requirements

• Experience: 5+ years of experience in Application Security, Product Security, or Secure Software Engineering with hands-on experience defining and implementing Secure SDLC requirements. Experience integrating SAST, DAST, and open-source vulnerability scanning into CI/CD pipelines
• Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer science or a related field.
• Technical Expertise: Practical experience securing containerized applications and managing hardened container images. Strong understanding of common application vulnerabilities (e.g., OWASP Top 10), modern CI/CD workflows and DevOps practices and secure coding and build processes. Strong troubleshooting and collaboration skills.
• Language Skills: Excellent stakeholder management and communication skills. Proficient in English for effective communication and coordination.

Nice To Haves

• Experience: Hands on experience with industry leading Application Security tools for SAST, DAST and Opensource scanning. Experience with container platforms and registries (e.g., Docker, Kubernetes) and working in cloud-native application environments. Working knowledge of application threat modeling techniques is a plus.
• Education and Certifications: Masters degree in Cybersecurity, Information Technology, Computer Science or a related discipline is preferred. Industry-recognized credentials such as CISSP, CISM, or Application Security specific certifications (CSSLP, GWAPT, etc) are highly desirable.
• Language Skills: Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.

Responsibilities

• Define, document, and maintain Secure SDLC policies, standards, and procedures covering: Secure design and coding expectations Security testing requirements Build, release, and deployment security controls
• Partner with Engineering, Platform, and AppDev teams to ensure Secure SDLC requirements are: Practical and scalable Integrated into existing development workflows Clearly communicated and understood
• Utilizing the standardized Risk Operation processes, support governance activities, including reviews, exceptions, and continuous improvement of SDLC security requirements.
• Develop, manage, and maintain a hardened cloud container image repository for application workloads.
• Define baseline security requirements for container images, including: Base image selection and hardening Patch and dependency management Runtime security considerations
• Partner with platform and application teams to drive adoption of approved images and patterns.
• Ensure container images are scanned, updated, and versioned in alignment with security standards.
• Define and implement automated security testing within CI/CD pipelines, including: Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Open-source and dependency vulnerability scanning
• Tune tools and rules to balance coverage, accuracy, and developer experience.
• Ensure security testing is integrated early in the pipeline to enable remediation prior to final build and deployment.
• Partner with engineering and application teams to ensure findings from SAST, DAST, and open-source scans are incorporated into the Risk Operation function and: Clearly triaged and prioritized Assigned appropriate ownership Remediated within agreed SLAs and timelines
• Track remediation progress and escalate systemic or repeated issues.
• Validate remediation and support secure release decisions.
• Act as a trusted security partner to development and other relevant teams.
• Provide guidance on secure coding practices, vulnerability remediation, and threat patterns.
• Support application security reviews, threat modeling, and design discussions as needed.
• Contribute to continuous improvement of application security tooling, processes, and metrics.