Application Security Engineer
Job Description:
- Serve as a primary liaison between the Cybersecurity and development teams, ensuring security is integrated into design, development, deployment, and operations
- Conduct application security assessments, code reviews, API testing, threat modeling, and penetration testing to identify vulnerabilities
- Define, maintain, and enforce secure coding standards, patterns, and best practices
- Integrate and manage security tooling within CI/CD pipelines, including SAST, DAST, SCA, IaC scanning, and container security solutions
- Support secure architecture reviews for cloud-native applications, microservices, and containerized workloads
- Support threat modeling, risk assessments, and security architecture reviews for applications
- Ensure that all security practices meet regulatory and compliance requirements
- Develop and deliver cybersecurity training programs for development teams to promote awareness and adherence to best practices
- Ensure application security practices align with regulatory and compliance frameworks (e.g., NIST CSF, ISO 27001, IEC 62443)
- Keep up to date on emerging threats, incorporating threat intelligence into security practices and providing proactive defenses
- Monitor and respond to application security threats, incidents and vulnerabilities
- Stay up to date on regulatory developments and industry trends
- Manage and maintain third-party vendor and consultant relationships
Requirements:
- Bachelor’s degree in a technical field (e.g., Computer Science, Information Systems, Cybersecurity)
- 5+ years of experience in Information Security, with at least 3 years focused on application security, secure development, or DevSecOps
- Demonstrated experience building and scaling an application security program, either as the lead or a key contributor
- Strong knowledge of OWASP Top 10, OWASP ASVS, SANS Top 25, and secure SDLC methodologies
- Hands-on experience with application security testing tools such as Burp Suite, Fortify, Checkmarx, Veracode, and ZAP
- Experience conducting threat modeling, penetration testing, secure software development, and secure architecture reviews
- Practical experience securing cloud environments (AWS or Azure) and implementing cloud-native security controls
- Familiarity with Kubernetes security, container hardening, and runtime protection
- Strong communication skills with the ability to collaborate and influence across technical and non-technical teams
Benefits:
- Paid time off plus paid holidays
- Medical/dental/vision insurance plan
- Life insurance, short/long term disability, tuition reimbursement, flex spending, and employee stock purchase plan
- 401K plan
First seen 2026-05-29 00:48:01 · Last verified 2026-05-30 16:48:01
Pentest Careers · pentestcareers.com