About The Position

CarMax, the way your career should be! The Cybersecurity Engineer II in our Application Security Program plays a key role in enhancing the security program for a company and national brand that has been listed on the Fortune 100 Best Places to Work. We work in a collaborative environment where your ideas can help shape the direction and development of critical security capabilities. You will work with a team of talented professionals who are focused on solving complex security challenges and supporting product innovation through technology. Our team is not afraid to fail fast, learn, and find better ways to operate. This role requires flexibility, adaptability to change, and a willingness to ask questions that lead to meaningful security posture improvements for CarMax.

Requirements

  • Relevant experience in cybersecurity, application development, DevSecOps, or a closely related technical discipline.
  • Strong foundational knowledge of application security concepts, web vulnerabilities (OWASP Top 10), and secure coding principles.
  • Practical knowledge of Azure and serverless application security, including hands-on exposure to Azure Functions.
  • Functional experience with at least one programming or scripting language (e.g., Python, PowerShell, JavaScript, .NET).
  • Hands-on exposure to SAST and/or DAST tools, including interpreting findings and recommending remediation.
  • Familiarity with Azure-native application architectures, CI/CD pipelines, and DevSecOps concepts, with interest in security automation.
  • Strong analytical, troubleshooting, and problem-solving skills.
  • Effective written and verbal communication skills, with the ability to explain security concepts to technical audiences.
  • Strong organization, time management, and prioritization skills.
  • Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or a related field, or equivalent alternative education, skills, and/or practical experience.
  • 2+ years of work experience in cybersecurity or other areas directly relevant to cybersecurity responsibilities.
  • Knowledge of developer tools such as GitHub, Azure DevOps, and TeamCity.
  • Understanding of development and product teams and DevSecOps best practices.
  • Applicants must be currently authorized to work in the United States on a full-time basis.

Nice To Haves

  • Experience with API security, container security, or Kubernetes security concepts.
  • Exposure to threat modeling methodologies for applications and services, including serverless architectures.
  • Basic understanding of applied cryptography, web security, TLS/SSL, and authentication protocols (e.g., OAuth, SAML).
  • Interest in using automation or AI-assisted tooling to improve security efficiency (e.g., triage, code review assistance).
  • Security certifications such as Security+ or CSSLP (or progress toward advanced certifications).

Responsibilities

  • Implement, operate, and continuously improve application security solutions, including SAST, DAST, API security, container security, and software composition analysis (SCA).
  • Support development and product teams by providing functional and technical guidance on application security findings and remediation approaches.
  • Assist in embedding security into the software development lifecycle (SDLC) through tooling, automation, and collaborative partnerships with engineering teams rather than enforcement-based gates.
  • Contribute to security automation efforts in CI/CD pipelines, leveraging security-as-code principles where applicable.
  • Collaborate with senior engineers on threat modeling activities for web, API, and serverless applications.
  • Learn and apply secure design principles for Azure and Azure Functions.
  • Independently manage assigned tasks and smaller projects, escalating risk or complexity as appropriate.
  • Effectively triage support issues and respond with the appropriate level of urgency.
  • Participate in a 24x7 on-call rotation as scheduled, including limited after-hours support when needed.