Lead Java Application Security Engineer
CNA National Warranty Corp•Scottsdale, AZ
•Onsite
About The Position
CNA National is hiring a Lead Java Application Security Engineer who can write production code and eliminate real-world vulnerabilities—not just talk about them. This is a hands-on leadership role where you’ll split your time between securing applications (SAST/DAST, OWASP, API security) and building modern apps (Java, Spring Boot, Angular). You won’t be siloed—you’ll own both security and engineering outcomes, fix vulnerabilities in code, influence architecture, standards, and engineering culture, and work on modern stacks with real business impact.
Requirements
- 5+ years in Application Security (hands-on)
- 7+ years in Java + Angular development
- Proven technical leadership experience
- Strong knowledge of OWASP Top 10 & API security
- Experience with tools like Veracode, Checkmarx, or Fortify
Nice To Haves
- AI-assisted dev/security tools
- AWS or GCP
- Security certifications
Responsibilities
- Run and act on Veracode (or similar) SAST/DAST/SCA scans
- Remediate vulnerabilities directly in Java + Angular codebases
- Secure APIs using OAuth2, JWT, authn/authz best practices
- Lead design and delivery of scalable applications
- Mentor engineers and raise the bar on secure coding
- Evaluate AI-generated code (Copilot) for security risks
Benefits
- Collaborative, fast-paced environment
- Opportunity to grow skills, take on new challenges, and make a real impact
- Benefit from the strength of CNA Financial
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
