Senior Application Security Engineer

This is a fully remote position, open to applicants in Alabama.

📋 Description

• Create and enforce technical security policies and procedures within engineering, ensuring the effectiveness of security measures.

• Conduct application scans and tests to identify potential vulnerabilities and ensure compliance with security standards.

• Collaborate with engineering teams during code reviews to spot potential security weaknesses and suggest strategies for writing more secure code.

• Incorporate security tools and processes into the software development and operations pipeline, automating security checks and scans to detect and resolve vulnerabilities early in the development lifecycle.

• Facilitate training sessions for technology teams, offering one-on-one coaching and large group training on secure coding practices and best practices in information system security.

• Configure and oversee automated tools and solutions to rectify security weaknesses in applications, systems, and infrastructure.

• Work closely with incident response teams to minimize the impact of incidents stemming from application security vulnerabilities and determine necessary remediation steps.

• Actively suggest process improvements and execute prioritized enhancements within the Cybersecurity team to boost application security capabilities.

• Monitor current events, technological advancements, and shifts in the secure application development landscape to foresee changes in attacker tactics and adapt internal technologies, policies, and procedures accordingly.

• Design, implement, maintain, and enhance internal controls to continuously mitigate risk.

• Identify risk-related issues that require escalation to management.

⛳️ Requirements

• A Bachelor's degree with at least 3 years of relevant professional experience, or a total of 7 years of higher education and/or work experience, including a minimum of 5 years in software development or application security.

• Previous experience in reviewing or resolving vulnerabilities identified through application security tools such as SAST, SCA, IAST, DAST, or ASPM.

• Intermediate knowledge of the Software Development Life Cycle (SDLC).

• Capability to train technologists and leaders at various levels in secure application development, both in-person and virtually.

• Strong communication and interpersonal skills.

🏝️ Benefits

• Health insurance

• 401(k)

• Paid time off

• Flexible working arrangements

• Professional development opportunities