
Application Security Engineer
Posted May 3

This is a fully remote position, open to applicants in Alabama and 43 more states.
• Act as the main point of contact between the Cybersecurity and development teams, ensuring the integration of security throughout design, development, deployment, and operations.
• Perform application security evaluations, code reviews, API testing, threat modeling, and penetration testing to uncover vulnerabilities.
• Establish, maintain, and enforce secure coding standards, practices, and patterns.
• Integrate and oversee security tools within CI/CD pipelines, including SAST, DAST, SCA, IaC scanning, and container security solutions.
• Assist with secure architecture evaluations for cloud-native applications, microservices, and containerized workloads.
• Aid in threat modeling, risk assessments, and security architecture evaluations for applications.
• Ensure all security practices comply with regulatory and compliance standards.
• Create and present cybersecurity training programs for development teams to foster awareness and adherence to best practices.
• Ensure application security practices are in line with regulatory and compliance frameworks (e.g., NIST CSF, ISO 27001, IEC 62443).
• Stay informed about emerging threats, integrating threat intelligence into security practices and offering proactive defenses.
• Monitor and address application security threats, incidents, and vulnerabilities.
• Keep abreast of regulatory changes and industry developments.
• Manage and nurture relationships with third-party vendors and consultants.
• Execute other responsibilities as assigned.
• Bachelor’s degree in a technical discipline (e.g., Computer Science, Information Systems, Cybersecurity)
• Over 5 years of experience in Information Security, with a minimum of 3 years concentrated on application security, secure development, or DevSecOps
• Proven experience in building and scaling an application security program, either as a lead or a key contributor
• In-depth knowledge of OWASP Top 10, OWASP ASVS, SANS Top 25, and secure SDLC methodologies
• Practical experience with application security testing tools such as Burp Suite, Fortify, Checkmarx, Veracode, and ZAP
• Experience with threat modeling, penetration testing, secure software development, and secure architecture evaluations
• Hands-on experience in securing cloud environments (AWS or Azure) and implementing cloud-native security controls
• Familiarity with Kubernetes security, container hardening, and runtime protection
• Excellent communication skills with the ability to collaborate and influence both technical and non-technical teams.
• Paid time off along with paid holidays
• Medical, dental, and vision insurance plan
• Life insurance, short/long term disability, tuition reimbursement, flexible spending, and employee stock purchase plan
• 401K plan