Lead Cybersecurity - Application Security DevSecOps Engineer

About The Position

Requirements

• Typically, 4-8 years of experience in application security, with significant hands-on experience using DAST tools and methodologies.
• Proven expertise in testing complex web applications, APIs, and mobile applications for security vulnerabilities.
• Experience integrating DAST tools (e.g., Burp Suite, IBM AppScan, HCL AppScan, Netsparker, Acunetix) into CI/CD pipelines and DevSecOps environments.
• Strong understanding of application security standards (e.g., OWASP Top Ten, SANS CWE Top 25).
• Knowledge of complementary security testing approaches such as Static Application Security Testing (SAST) and Interactive Application Security Testing (IAST).
• Effective communication skills and experience collaborating with development teams to remediate vulnerabilities.
• Familiarity with programming languages and frameworks commonly used in web and mobile applications, including Java, Python, Bash/Shell Scripting, PHP, Javascript, etc.

Nice To Haves

• Advanced degrees (Master’s or certifications) can enhance expertise and credibility.
• Relevant certifications such as:
• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• GIAC Web Application Penetration Tester (GWAPT)
• Certified Application Security Engineer (CASE)
• Certifications specifically related to security testing tools (e.g., Burp Suite Certified Practitioner)
• Deep technical knowledge of dynamic security testing tools and techniques.
• Strong analytical skills to interpret scan results and distinguish false positives.
• Solid understanding of web protocols, authentication mechanisms, and session management.
• Ability to lead security testing initiatives and mentor junior security engineers.
• Continuous learner mindset to stay ahead of evolving security threats and testing technologies.

Responsibilities

• Lead the implementation, configuration, and optimization of DAST tools across development pipelines.
• Define and maintain best practices and standards for dynamic application security testing.
• Perform in-depth vulnerability assessments and security testing on web applications, APIs, and mobile apps.
• Collaborate closely with development, DevOps, and security teams to integrate DAST into CI/CD workflows.
• Analyze DAST scan results, validate findings, and prioritize remediation efforts based on risk.
• Stay current on emerging threats, vulnerabilities, and exploits relevant to application security.
• Provide expert guidance and training to teams on interpreting DAST reports and remediation strategies.
• Support compliance efforts by ensuring security testing meets regulatory and industry standards.

Benefits

• Medical/Dental/Vision coverage
• 401(k) plan
• Tuition reimbursement program
• Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
• Paid Parental Leave
• Paid Caregiver Leave
• Additional sick leave beyond what state and local law require may be available but is unprotected
• Adoption Reimbursement
• Disability Benefits (short term and long term)
• Life and Accidental Death Insurance
• Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
• Employee Assistance Programs (EAP)
• Extensive employee wellness programs
• Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone.