Cybersecurity Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field
• Equivalent professional experience may be considered in lieu of a degree
• 3–6 years of experience in application security, DevSecOps, or cybersecurity engineering
• Demonstrated experience integrating security tooling into CI/CD pipelines
• Experience supporting developers with vulnerability remediation and secure coding practice
• Hands-on experience with application security and DevSecOps tooling, specifically:
• Traceable (API security, runtime visibility, API threat detection)
• Mend (WhiteSource) for software composition analysis (SCA)
• Invicti for dynamic application security testing (DAST)
• Strong understanding of:
• Secure SDLC and DevSecOps principles
• Web application and API security (OWASP Top 10, OWASP API Top 10)
• Microservices and cloud-native architectures
• Proficiency in CI/CD platforms and automation
• Experience with scripting or programming (e.g., Python, Bash, PowerShell, or similar)
• Ability to analyze vulnerabilities and communicate risk clearly to technical and non-technical stakeholders
• Strong collaboration skills with development, platform, and security teams
• Ability to manage multiple priorities in a fast-paced engineering environment

Nice To Haves

• Experience in cloud environments (AWS, Azure, or GCP) preferred
• CSSLP, GWAPT, OSCP, or similar application security certifications
• Cloud security or DevOps certifications (AWS, Azure, Kubernetes)

Responsibilities

• Application & API Security Tooling Operations
• Configure, manage, and maintain application security tools including Traceable (API security), Invicti (DAST), and Mend (SCA).
• Monitor scan results, alerts, and findings; validate vulnerabilities and eliminate false positives.
• Ensure continuous coverage across web applications, APIs, microservices, and CI/CD pipelines.
• CI/CD Security Integration & Automation
• Integrate security testing tools into CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Azure DevOps, Jenkins).
• Automate security scans for source code, open-source dependencies, dynamic testing, and API runtime monitoring.
• Develop and maintain scripts, policies, and guardrails to enforce secure development practices.
• Vulnerability Management & Remediation Support
• Prioritize vulnerabilities based on risk, exploitability, and business impact.
• Partner with engineering teams to provide actionable remediation guidance.
• Track remediation progress and validate fixes through re-scanning and verification
• Secure SDLC Enablement & Developer Support
• Act as a security subject-matter expert for development teams.
• Provide guidance on secure coding practices, API security, and dependency management.
• Create documentation, runbooks, and developer-facing security guidance.
• Security Metrics, Reporting, & Continuous Improvement
• Develop dashboards and metrics to measure application security posture and DevSecOps maturity.
• Report trends, risks, and improvements to cybersecurity leadership.
• Continuously evaluate and optimize tooling configurations and processes.
• Governance, Risk, and Compliance Alignment
• Support internal security standards, policies, and regulatory requirements.
• Assist with audits, risk assessments, and evidence collection related to application security controls.