Application Security Engineer, Sr.

About The Position

Requirements

• 5-7 years of related experience relative to the role
• Bachelors degree or equivalent experience
• A minimum of 5 years of experience in software development, architecture, or engineering roles
• A minimum of 3-5 years of experience applying secure development practices or working directly with application security tools (e.g., SAST, DAST, SCA, IaC scanning)
• Demonstrated experience leading remediation efforts and collaboration between development and security teams to address vulnerabilities
• Ability to read and interpret stack traces and source code call trees to validate and triage security findings
• Experience working in Agile/SCRUM environments and implementing CI/CD and DevOps practices
• Proficiency in scripting languages (e.g., Python, PowerShell, Bash) to support automation and developer tooling
• Experience deploying and automating security solutions in enterprise environments using AWS and/or Azure
• Hands-on experience with application security platforms including SAST, DAST, SCA, IaC scanning, and secret detection tools
• Proficiency in one or more programming languages such as Java, .NET (C#), PHP, JavaScript, or Python)
• Working knowledge of SQL and relational database security considerations
• Strong understanding of OWASP Top10 and secure coding standards
• Experience with version control systems (Github, Azure DevOps, Gitlab) and CI/CD pipeline integration
• Familiarity with infrastructure-as-code tools (Terraform, CloudFormation) and containerization technologies (Docker, Kubernetes)
• Strong analytical and problem-solving skills, with the ability to bring structure and clarity to complex technical challenges
• Familiarity with Linux and Windows operating systems and cloud-native security practices in Azure, AWS, or GCP
• Ability to create scripts (PowerShell/bash)
• Adherence to secure change management and deployment processes
• Excellent communication skills and the ability to serve as a security ambassador across engineering and product teams
• Proven ability to take ownership of complex issues and drive them to resolution with minimal oversight

Responsibilities

• Manage and optimize application security tools (SAST, DAST, SCA, IaC, secret scanning) and ensure effective integration into CI/CD pipelines and the SDLC lifecycle
• Analyze source code and infrastructure-as-code for security vulnerabilities and provide actionable remediation guidance
• Validate and triage findings from security tools, removing false positives and ensuring accurate issue tracking
• Create and manage remediation tickets (e.g., Aha! Ideas, ServiceNow Requests), ensuring vulnerabilities are prioritized, assigned, and tracked to resolution
• Collaborate with development and engineering teams to validate remediation efforts and confirm closure of security issues
• Participate in the risk management process by documenting, reviewing, and maintaining risk exceptions for unresolved or accepted vulnerabilities
• Work with risk owners and business stakeholders to ensure appropriate compensating controls are in place and documented.
• Lead secure code reviews and contribute to threat modeling and design discussions for high-risk applications
• Mentor junior engineers and provide technical guidance on secure development practices
• Contribute to the development and refinement of secure coding standards, policies, and procedures
• Develop and maintain dashboards and reports that communicate application security posture, remediation progress, and risk trends to leadership
• Identify recurring security issues and propose systemic improvements to reduce future risk
• Lead efforts to evaluate, pilot, and implement new application security tools and integrations that enhance automation and coverage
• Continuously refine scanning configurations and policies to improve signal-to-noise ratio in findings
• Stay informed on emerging threats, vulnerabilities, and industry trends, and recommend improvements to tooling and processes
• Participate in the evaluation and onboarding of new security tools and technologies
• Work closely with cross-functional stakeholders to analyze and troubleshoot complex production issues.

Benefits

• We offer a comprehensive benefits package designed to support the physical, emotional, and financial health of you and your family, including healthcare, time off, retirement, and well-being programs.
• Each associate will earn a professional certification relevant to their field and can obtain tuition reimbursement.
• We offer quarterly and annual incentive programs for all employees who go beyond and keep raising the bar for themselves and the company.