Application Security Engineer

About The Position

Requirements

• Bachelor's Degree in Computer Science, Cybersecurity, Information Assurance, or Network Security, or a relevant field and/or 7+ years of work experience in the IT Security field or Equivalent Experience
• 6 or more years of prior work experience
• Strong knowledge of administering Application Security technologies and testing practices, including SAST, DAST, SCA, WAF, and penetration testing, and integrating security controls into CI/CD pipelines and DevSecOps workflows.
• Software development experience or demonstrated familiarity with automation and scripting using Python, SQL, and Git-based collaboration workflows.
• Knowledge of securing modern development platforms and ecosystems, including GitHub source control and CI/CD workflows, AI coding assistants (e.g., GitHub Copilot).
• Knowledge of secure coding practices and secure open-source package management across common languages and frameworks, including Java, JavaScript, NodeJS, Python, React, Angular, and C#.
• Knowledge of secure application design and architecture principles, including client-server, serverless, and microservices-based architectures; access control best practices; and secure secrets management.
• Knowledge of Secure SDLC best practices and activities with a process-oriented approach to maturing practices, leveraging frameworks such as OWASP SAMM, OWASP ASVS, AWS Well-Architected Framework, and related industry standards.
• Strong written and verbal communication skills, with the ability to lead and influence diverse groups and clearly explain complex technical concepts to audiences without similar technical backgrounds.
• Excellent time management skills and the ability to effectively balance multiple objectives and priorities.
• Strong analytical and troubleshooting skills.
• A demonstrated desire, commitment, and ability to be a collaborative team player with a professional attitude and presentation.
• Strong ability to mentor software developers in the identification, understanding, and remediation of application security weaknesses.
• Ability to analyze and evaluate complex data and make sound recommendations with less-than-perfect information.
• An excellent communicator and relationship builder who can translate complex security concepts into clear, actionable guidance for non-technical stakeholders.

Nice To Haves

• Bachelor’s Degree in Computer Science, Cybersecurity, Information Assurance, or Network Security or in a relevant field.
• 7+ years of work experience in the IT Security field.
• Technical: 5-8 years
• Security certifications such as CISSP, CSSLP, GWAPT, AWS Solutions Architect, or similar are desired

Responsibilities

• Support and continuously optimize Application Security engineering capabilities. Maintain and enhance tool platforms (SAST/DAST/SCA), custom integrations, and supporting processes in alignment with the Application Security program. Design and mature a centralized program leveraging DevSecOps infrastructure through close partnership with Development teams.
• Plan and execute a wide range of Application Security activities, including penetration testing, threat modeling, secure design reviews, secure code reviews, secure open-source software management, and developer training and outreach. Partner with Risk, Compliance, and Assurance functions to support the organization in meeting its security and compliance obligations.
• Provide hands-on technical guidance to software developers throughout the vulnerability remediation lifecycle. Perform secure code reviews, validate false positive determinations, coach developers on effective remediation strategies, and retest application and penetration test findings to confirm successful closure. Take a proactive approach to mentoring developers and other staff members.
• Represent Application Security engineering on Information Security initiatives and cross-functional projects, including the development and support of Python- and SQL-based data analytics ETL solutions. Operate and enhance program tooling, DevSecOps integrations, and automation to support evolving development environments and business needs.
• Other related duties as assigned.

Benefits

• Competitive Compensation: anticipated base salary from $89,000 to $135,000 based on skills and experience. This position is eligible to participate in an annual incentive program.
• Rest and Relaxation. This role is eligible for 25 days of paid time off annually, which is prorated in the year of hire based on hire date. In addition, based on your hire date, you will be eligible for 9 paid holidays + 2 floating holidays. Parental leave is also offered as an opportunity for all new parents to embrace this exciting change in their lives.
• Our Company Makes an Impact. We’ve been recognized by multiple organizations like Bloomberg’s Gender-Equality Index, HousingWire’s Tech 100, and The Forum of Executive Women’s Champion of Board Diversity. Radian has also pledged to SHRM’s CEO Action for Inclusion & Diversity commitment.
• Comprehensive Health Benefits. Multiple medical plan choices, including HSA and FSA options, dental, vision, and basic life insurance.
• Prepare for your Future. 401(k) with a top of market company match (did we mention the company match is immediately vested?!) and an opportunity to participate in Radian’s Employee Stock Purchase Plan (ESPP).
• Homebuyer Perks. Our Homebuyer Perks program helps employees navigate the home searching, buying, selling, and refinancing processes and provides valuable financial benefits to encourage, enable, and support home ownership.
• Additional Benefits. To learn more about our benefits offerings, visit our Benefits Page.