Lead Application Security Engineer

About The Position

Requirements

• Bachelor’s Degree in Arts/Sciences (BA/BS) or equivalent experience - Required
• 6+ years in application security, product security, or software engineering with a security focus.
• Experience coordinating and/or consuming third-party penetration tests and translating results into actionable remediation plans.
• Strong hands-on skill with Terraform, Python, Bash, and CI/CD (Jenkins or equivalent).
• Hands-on experience running and configuring SAST, DAST, SCA, and secrets scanning in CI/CD or adjacent workflows.
• Strong understanding of common web and API vulnerabilities (e.g., OWASP Top 10) and practical remediation strategies.
• Comfort with Git-based workflows, build pipelines, and issue tracking; able to work with engineers where they are.
• Ability to communicate risk clearly and drive alignment on prioritization and timelines with application owners and stakeholders.
• Advanced oral and written communication skills demonstrating ability to share and impart knowledge.
• Ability to liaise with individuals across a wide variety of operational, functional, and technical disciplines.
• Advanced ability to translate business needs and problems into viable/accepted solutions.
• Ability to quickly adapt to new methods, work under tight deadlines and stressful conditions.
• Ability to appropriately balance priorities, deadlines, and deliverables.
• Advanced ability to set goals and handle multiple tasks, clients, and projects simultaneously.
• Advanced investigative, analytical and problem solving skills.
• Ability to work well within a team environment and participate in department/team projects
• Advanced skills in customer relationship management and change management.
• Advanced negotiating and persuasion skills

Nice To Haves

• Master’s degree in Arts/Sciences (MA/MS) or professional industry certification - Preferred

Responsibilities

• Coordinate external penetration tests (scoping, scheduling, access, and logistics) across multiple application teams.
• Partner with application owners to triage findings, validate impact, and prioritize remediation based on risk and business context.
• Operate, tune, and maintain SAST and SCA tooling (rulesets, baselines, false-positive management, and integrations) to improve signal-to-noise.
• Run and configure DAST scanning and validate results with engineering teams, including safe testing practices and environment coordination.
• Implement and operate secrets scanning across source control and CI/CD, and partner on prevention patterns (rotation, vaulting, and developer guidance).
• Integrate findings into ticketing and SDLC workflows, define SLAs, and track remediation progress to closure with clear ownership.
• Create lightweight standards, guidance, and enablement so application teams can remediate faster without security becoming a blocker.

Benefits

• Gain valuable knowledge from and experience with diverse, caring colleagues around the world.
• Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.
• Join the bright and creative minds of RGA, and experience vast, endless career potential.