Sr Applications Security Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
• 6 years of experience in application security, secure software development, or DevSecOps.
• Hands‑on experience with SAST, DAST, and dependency scanning tools, including tuning and operational ownership.
• Strong understanding of application vulnerability classes (OWASP Top 10, APIs, authentication, authorization).
• Experience integrating security into CI/CD pipelines and development workflows.
• Proven ability to assess risk, prioritize remediation, and clearly communicate decisions.
• Comfort working independently, taking ownership, and driving outcomes with minimal oversight.
• Strong communication skills with the ability to work effectively with developers, architects, and leadership.
• An equivalent combination of education and experience may be substituted for this requirement.
• The ability to meet or exceed the attendance and timeliness requirements of their departments.
• On-call work may be required based on business needs and role assignment.
• The ability to work well in a team environment and be capable of building and maintaining positive relationships with other staff, departments, and customers.
• The requirements listed are representative of the knowledge, skill, and or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Other duties may be assigned.

Nice To Haves

• Experience in healthcare or other regulated industries.
• Familiarity with Azure PaaS and cloud‑native application architectures.
• Exposure to AI‑assisted development risks, automation, or modern code‑generation tools.
• Threat modeling experience and security design review participation.
• Scripting or automation experience (Python, PowerShell, Bash).
• Relevant certifications (CSSLP, GWAPT, CISSP, or equivalent).

Responsibilities

• Own and operate application security tooling, including SAST, DAST, and software composition analysis, ensuring tools are tuned, effective, and aligned to business risk.
• Embed application security into CI/CD pipelines and development workflows to support shift‑left security while minimizing developer friction.
• Perform secure code reviews and validate vulnerabilities for exploitability, impact, and remediation feasibility.
• Define and maintain secure coding standards, guidance, and reusable security patterns for development teams.
• Establish guardrails and review expectations for AI‑assisted and AI‑generated code, reducing unowned and unmanaged application risk.
• Partner with development teams to triage findings, reduce false positives, and drive effective remediation.
• Apply risk‑based decision making aligned to organizational risk appetite and compliance frameworks (NIST, HIPAA, SOC 2).
• Support application threat modeling and identification of architectural security gaps.
• Collaborate with cloud, platform, and identity teams to ensure applications integrate securely with enterprise services.
• Contribute to audit readiness, evidence collection, and regulatory support related to application security controls.
• Reduce single‑points‑of‑failure by documenting processes, mentoring others, and improving program resiliency.

Benefits

• mission-driven organization
• support you need to build a meaningful career
• powerful impact in our community
• remote flexibility
• 1 day per week in the office