Application Security Engineer

About The Position

Requirements

• Three or more years of experience in application security with strong knowledge of web and API security concepts and best practices.
• 10 or more years of experience in information technology.
• Ability to build an application security program from the ground up.
• Proficient in at least one programming language, ideally Java, but Python, C#, etc., are also acceptable.
• Experience with security testing (e.g., SAST, SCA, and DAST) tools and frameworks (e.g., OWASP ZAP, Burp Suite).
• Experience with CI / CD pipelines, DevOps, and automation tools.
• Familiarity with GitHub repositories.
• Previous experience with SDLC development and hands-on programming within a "modern" CI / CD pipeline.
• Ability to mentor and train team members, particularly in environments with limited application security expertise.
• Demonstrated understanding of the information security landscape and a broad range of security technologies.
• Proven ability to communicate clearly and effectively, both verbally and in writing, to technical and nontechnical audiences.
• Proficient use of various core systems, office and computer equipment, and software packages.
• Bachelor’s degree in information security or related discipline; experience in lieu of degree acceptable.

Nice To Haves

• Demonstrated project management skills.
• Proven ability to develop and maintain concise and accurate plans, documentation, run books, and reports.
• Proven ability to prioritize and meet deadlines.
• High degree of discretion / confidentiality, solid problem-solving skills, and close attention to detail.

Responsibilities

• Establishes, launches, and matures the Application Security Program within the development community.
• Performs security testing and code reviews of web applications and APIs to identify and remediate vulnerabilities and risks.
• Provides recommendations and develops, implements, and maintains security policies, guidelines, and procedures.
• Delivers security guidance and training to developers and QA engineers to promote secure coding practices.
• Researches and evaluates emerging security technologies and tools to enhance application security capabilities.
• Monitors and responds to security incidents and alerts, ensuring timely resolution and mitigation.
• Collaborates with development teams to integrate security practices into the software development lifecycle (SDLC).
• Serves as a subject matter expert on application security best practices and industry standards.
• Leads and coordinates complex tasks across IT, engineering, and security teams.
• Defines requirements and identifies tools to improve application security capabilities and effectiveness.
• Develops and contributes to operational and executive reporting on application security metrics and performance.
• Makes informed decisions in coordination with management on matters impacting the organization.
• Participates in strategy development and contributes to the evolution of application security practices.
• Applies analytical thinking and problem-solving skills to assess risks, prioritize issues, and implement effective solutions.
• Drives continuous improvement initiatives and supports the implementation of security enhancements.
• Consistently acts according to our customer experience standards, including responding quickly, maintaining a positive attitude, building rapport, demonstrating empathy, managing expectations, using appropriate communication channels, and taking ownership to resolve issues.
• Participates in a rotational on-call schedule.
• Performs special projects and other duties as assigned.

Benefits

• Medical insurance plan options and other standard employee benefits, including dental insurance, vision benefits, life insurance, disability insurance, and more!
• Health Savings Accounts (HSA) and Flexible Spending Accounts (FSA)
• 401(k) Plan (participants are eligible for 100% matching on the first 6% of their contributions)
• Wellbeing Program, including onsite fitness studio
• Paid Time Off – including holiday, vacation, and volunteer
• 100% company-paid tuition reimbursement for approved job-relevant coursework and access to The Institutes (Risk and insurance education)
• Paid parental leave
• Bonus opportunities
• Western National believes in supporting balance between work and life by providing a flexible work environment, which includes a variety of hybrid and remote work arrangements designed to balance individual, job, department, and company needs.