Application Security Engineer
About The Position
This position is not eligible for visa sponsorship. Location expectations: This role requires working from a U.S. Bank location three (3) or more days per week. U.S. Bank is seeking an Application Security Engineer responsible for securing application code across the enterprise. This team plays a critical role in identifying vulnerabilities early in the software development lifecycle through modern security scanning and tooling integrated directly into development workflows. This person will partner closely with engineering teams to configure, maintain, and optimize application security tools within CI/CD pipelines, ensuring secure code practices are embedded across the organization. The role is focused on hands-on application security engineering, including static and dynamic code analysis, vulnerability triage, and continuous improvement of security tooling and automation. This is an opportunity to work on cutting-edge initiatives, including AI-driven application security capabilities, within a centralized and high-impact security function.
Requirements
- 5+ years of hands-on Application Security (AppSec) experience focused on SAST, SCA (open-source risk), and vulnerability detection at the code level
- Strong experience integrating and managing security tools within CI/CD pipelines (Jenkins required)
- Experience configuring, tuning, or maintaining application security scanning tools (not just consuming outputs)
- 2+ years of experience working with Java-based applications, automation, or development environments
- Working knowledge of cloud and/or containerization technologies (Docker) supporting security tooling environments
- Strong understanding of how vulnerabilities are identified within application code and secure SDLC practices
Nice To Haves
- Exposure to AI application security or securing AI/LLM-based applications
- Linux systems experience within development or security environments
- Experience with threat modeling and proactive application risk identification
- Background supporting Application Security Champion programs or developer enablement initiatives
- Broader DevOps / CI/CD ecosystem experience beyond Jenkins
- Experience with tools such as Fortify, Black Duck, FOSSA, or similar AppSec platforms
Responsibilities
- Configure and maintain application security tools within CI/CD pipelines (Jenkins-heavy environment)
- Perform application security scanning using SAST and software composition analysis (SCA) methodologies
- Support the development and expansion of dynamic application security testing (DAST) capabilities
- Analyze, triage, and track vulnerabilities, ensuring proper documentation and workflow management in ServiceNow
- Contribute to AI-focused application security initiatives, including use of automation and LLM-driven scanning techniques
- Maintain and enhance internal Java-based automation tools supporting security processes
- Support infrastructure components across cloud, on-prem, and containerized (Docker) environments
Benefits
- Healthcare (medical, dental, vision)
- Basic term and optional term life insurance
- Short-term and long-term disability
- Pregnancy disability and parental leave
- 401(k) and employer-funded retirement plan
- Paid vacation (from two to five weeks depending on salary grade and tenure)
- Up to 11 paid holiday opportunities
- Adoption assistance
- Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
