
Application Security Engineer
Posted 1 hour ago

This is a fully remote position, open to applicants in Alabama and 43 more states.
• Act as the main point of contact between the Cybersecurity and development teams, ensuring the integration of security into design, development, deployment, and operations.
• Perform application security evaluations, code examinations, API testing, threat modeling, and penetration testing to uncover vulnerabilities.
• Establish, uphold, and implement secure coding standards, practices, and guidelines.
• Incorporate and oversee security tools within CI/CD pipelines, including SAST, DAST, SCA, IaC scanning, and container security solutions.
• Assist in secure architecture evaluations for cloud-native applications, microservices, and containerized workloads.
• Provide support for threat modeling, risk evaluations, and security architecture assessments for applications.
• Ensure that all security protocols comply with regulatory and compliance standards.
• Create and deliver cybersecurity training initiatives for development teams to foster awareness and adherence to best practices.
• Ensure application security measures are in alignment with regulatory and compliance frameworks (e.g., NIST CSF, ISO 27001, IEC 62443).
• Stay informed on emerging threats, integrating threat intelligence into security practices and establishing proactive defenses.
• Monitor and address application security threats, incidents, and vulnerabilities.
• Remain updated on regulatory changes and industry trends.
• Manage and sustain relationships with third-party vendors and consultants.
• Bachelor’s degree in a technical discipline (e.g., Computer Science, Information Systems, Cybersecurity).
• Over 5 years of experience in Information Security, with a minimum of 3 years concentrated on application security, secure development, or DevSecOps.
• Proven experience in building and expanding an application security program, whether as the leader or a significant contributor.
• Comprehensive knowledge of OWASP Top 10, OWASP ASVS, SANS Top 25, and secure SDLC methodologies.
• Practical experience with application security testing tools such as Burp Suite, Fortify, Checkmarx, Veracode, and ZAP.
• Experience in threat modeling, penetration testing, secure software development, and secure architecture assessments.
• Hands-on experience securing cloud environments (AWS or Azure) and implementing cloud-native security measures.
• Familiarity with Kubernetes security, container hardening, and runtime protection.
• Excellent communication skills with the capacity to collaborate and influence both technical and non-technical teams.
• Paid time off along with paid holidays.
• Medical, dental, and vision insurance coverage.
• Life insurance, short/long-term disability, tuition reimbursement, flexible spending, and employee stock purchase plan.
• 401K retirement plan.
Rittal North America LLC
Amcor
Medical Review Institute of America, LLC
Kennametal