Application Security Engineer

Backstage•Burbank, CA

25d

About The Position

At Cast & Crew, we've empowered creativity and supported the global entertainment industry for decades. Together with our family of brands - Backstage, CAPS, Checks & Balances, Final Draft, Media Services, Sargent-Disc, and The TEAM Companies - we operate as a combined entertainment technology and services provider offering industry standard screenwriting accounting software, digital payroll products, data & reporting, and a host of creative tools. The industry continues to move faster than ever, and the need for our expertise, our technology, and our people has never been greater. We are a production's best ally every step of the way. #OneCastOneCrew We are seeking a highly skilled and motivated Information Security Engineer specializing in Application Security, DevSecOps, and Automation to join our team. In this role, you will be responsible for designing and implementing security strategies across the software development lifecycle, automating security operations, and driving the integration of security into DevOps practices. you will play a key role in safeguarding our applications and infrastructure by: Embedding security into the SDLC to ensure applications are secure by design. Building and automating DevSecOps pipelines to streamline secure software delivery. Developing and deploying security tools and workflows to enhance efficiency and scalability. Conducting proactive risk assessments and vulnerability management to mitigate potential threats. You bring expertise in building and securing modern software development environments, with a strong foundation in secure coding practices, threat modeling, and vulnerability management. Your hands-on experience in automating security testing within CI/CD pipelines makes you a vital partner to our development, IT, and operations teams. By leveraging cutting-edge tools and frameworks, you will seamlessly integrate security into the software development lifecycle while driving efficiency through automation. This role provides an exciting opportunity to work with innovative technologies, collaborate with talented professionals, and protect the applications that power the payroll services behind your favorite movies and TV shows. If you are passionate about tackling complex security challenges and implementing proactive solutions, we want you on our team!

Requirements

Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
3+ years of experience in cybersecurity, with a focus on application security, DevSecOps, or automation.
Strong understanding of secure software development lifecycle (SDLC) practices.
Proficiency with security testing tools (e.g., Burp Suite, OWASP ZAP, SonarQube, Veracode, Checkmarx).
Experience with CI/CD tools (e.g., Jenkins, GitLab CI/CD, GitHub Actions) and integrating security testing into pipelines.
Familiarity with programming/scripting languages (e.g., Python, Java, Bash, or PowerShell).
Strong knowledge of cloud security principles (e.g., AWS, Azure, GCP) and container security (e.g., Docker, Kubernetes).
Experience with Infrastructure-as-Code tools (e.g., Terraform, Ansible).
Knowledge of OWASP Top 10, CWE, and other security frameworks.
Excellent problem-solving and communication skills.

Nice To Haves

Relevant certifications (e.g., OSCP, CISSP, CEH, CSSLP, or AWS Security Specialty).
Experience with security orchestration, automation, and response (SOAR) tools.
Familiarity with compliance frameworks (e.g., ISO 27001, SOC 2, PCI DSS).
Hands-on experience with vulnerability management tools and processes.

Responsibilities

Conduct application security assessments, including code reviews, threat modeling, and penetration testing.
Develop, maintain, and implement secure coding guidelines and best practices for development teams.
Identify and remediate vulnerabilities in applications using tools like SAST, DAST, and RASP.
Collaborate with development teams to ensure security is integrated into the design and architecture of new applications.
Respond to and manage application-level security incidents.
Design and implement DevSecOps pipelines to automate security testing (e.g., SCA, SAST, DAST) in CI/CD workflows.
Advocate for "security as code" by integrating security controls into infrastructure-as-code and deployment scripts.
Work with DevOps teams to ensure secure configurations of containerized and cloud-based environments.
Continuously evaluate and improve DevSecOps tools and processes to reduce friction and optimize developer productivity.
Develop and implement scripts, APIs, and automation workflows to improve security operations and reduce manual effort.
Automate vulnerability management, patching, and reporting processes.
Monitor and enhance security tools through custom scripting or integrations with other platforms.
Build automated security metrics dashboards to track risk and compliance.
Partner with cross-functional teams to foster a culture of security awareness and shared responsibility.
Provide training and mentoring to developers and engineers on secure coding practices and security tools.
Act as a security advisor during development sprints and product planning.
Stay up-to-date with the latest security vulnerabilities, trends, and technologies.
Evaluate new tools, technologies, and methodologies to enhance application security and automation.
Participate in incident response efforts as needed, providing expertise in application-level threats.