Java Security Testing Engineer

Openkyber · Alaska · Posted 1h ago · via Talent.com
Region USA
Job Description

Job Title : Java Security Testing Engineer

Industry : Media & Technology

Location : Hybrid; Charlotte, NC or New York, NY (3 days per week onsite)

Duration : 6 months then conversion W2 Contract

Position Overview

The Cybersecurity Organization is seeking an Application Security Engineer. This role will be an integral component of the application security program end-to-end - from discovery and inventory of business unit applications, through tooling implementation, through embedding security and AI-assisted controls into business unit DevOps pipelines. This is as much a relationship and influence role as it is a technical role; success requires partnering effectively with subsidiaries. This is a hybrid on-site position, with a requirement to be in an office three times per week.

Job Responsibilities

- Application discovery and inventory across all business units, including ownership mapping, technology stack profiling, and risk tiering

- Standing up and operating the AppSec tooling stack (SAST, SCA, secrets scanning, and container/IaC scanning), integrated into business unit CI/CD pipelines

- Designing and implementing AI-assisted triage workflows on top of AppSec tooling so that finding volume does not overwhelm developers and false positives are filtered before reaching engineering teams

- Defining secure SDLC requirements, threat modeling practices, and security gates that business units adopt as part of their standard development process

- Partnering with business unit development leaders to build the relationships and shared playbooks needed to operationalize AppSec without becoming a blocker to delivery

- Contributing to AI security strategy: evaluating emerging tools (AI code review assistants, agentic security testing, automated security requirement generation) and recommending what to operationalize and what to defer

- Producing executive-ready metrics and reporting that connect AppSec activity to business risk reduction

Required Qualifications

- 7+ years in application security, product security, or security engineering, with at least 3 years in environments with multiple independent business units, brands, or product lines

- Hands-on experience deploying and operating modern AppSec tooling (e.g., Semgrep, Snyk, Checkmarx, Veracode, Apiiro, Ox Security, GitHub Advanced Security)

- Working code-level proficiency in at least three commonly-used languages (e.g., Python, JavaScript/TypeScript, Java, C#, Go) sufficient to read, review, and triage findings

- Strong scripting and automation skills in Python or equivalent; comfortable building integrations against REST APIs and operating in CI/CD environments (GitHub Actions, GitLab CI, Jenkins, Azure DevOps)

- Demonstrated ability to influence engineering organizations without direct authority: negotiating standards, driving adoption, and partnering with development leaders

- Practical understanding of OWASP Top 10, threat modeling methodologies (STRIDE, PASTA, or equivalent), and modern attack patterns, including supply chain risks

Preferred Qualifications

- Experience integrating LLM-based tooling into security workflows (alert triage, finding summarization, remediation guidance generation)

- Familiarity with one or more compliance frameworks relevant to our environment (HITRUST, HIPAA, NIST AI RMF, SOC 2)

- Prior experience working in a regulated or healthcare-adjacent environment

- Cloud security depth in at least one major provider (AWS, Azure, Google Cloud Platform)

- Public contribution to AppSec community: OSS, conference talks, published research, or detection/rule contributions

For applications and inquiries, contact: [email protected]

First seen 2026-06-02 20:48:01 · Last verified 2026-06-02 20:48:01

Pentest Careers · pentestcareers.com
