Application Security Engineer

CivicPlus, LLC

11d

About The Position

The Application Security Engineer is responsible for embedding security throughout the software development lifecycle (SDLC), leading application security testing, and driving vulnerability remediation efforts. About CivicPlus At CivicPlus, we strive to bring our company vision to life through innovation and collaboration. Supported by approachable leadership and transparent communication, we're empowered to make an impact on local government and the residents they serve. Grow your career alongside great people, where authenticity is welcome, successes are celebrated, and potential is nurtured.

Requirements

3 – 7 Years of experience in application security, secure development, penetration testing, or related field
Working experience in application testing or security testing tooling (including SAST, DAST, and/or IAST)
Working experience integrating secure design principles into change management, code review, CI/CD pipelines, and supporting secure development operations.
Security+, GSEC, GSSP or equivalent
Bachelor’s degree in Computer Science, Cybersecurity, Information Security, Information Systems, or a related field (preferred)
Strong understanding of Secure Software Development Lifecycle (SSDLC), application security controls, and vulnerability management
Familiarity with secure coding practices across multiple development languages (such as C#, Go, Java, JavaScript, or Python)
Knowledge of cloud-native and SaaS application environments

Responsibilities

Perform security code reviews, threat modeling, and architecture reviews across all development projects as part of secure Software Development Lifecycle (SDLC).
Collaborate with development teams to integrate secure design, secure coding standards, and security controls across the SDLC.
Identify, track, and validate vulnerabilities and security defects from security testing and scanning, collaborating with development teams to inform and prioritize remediation within compliance timeline requirements.
Coordinate external, independent penetration testing of production environments.
Lead application security testing, including static, dynamic, and interactive application security testing (SAST, DAST, IAST).
Serve as a subject matter expert on application security vulnerabilities (such as the OWASP Top 10) and emerging threats.
Partner closely with organizational functions and key stakeholders to provide guidance, tooling, and training to development teams and ensure secure design principles are applied, risks are mitigated, and applications are resilient against modern threats.