Senior Application Security Engineer

Position Overview

What You'll Do

• Lead threat modeling exercises to proactively identify security risks across applications and infrastructure layers.

• Collaborate with agile and waterfall development teams to integrate security requirements and acceptance criteria throughout the SDLC.

• Analyze application components, data flows, and external dependencies to anticipate and mitigate vulnerabilities.

• Automate security build pipelines and scanning processes, focusing on Docker container security and security scanning automation using scripting languages such as Python, PowerShell, or Ruby.

• Conduct security code reviews targeting common vulnerabilities (e.g., injection, XSS, insecure configurations), without requiring deep programming expertise.

• Implement and maintain security controls including encryption, authentication, access controls, and input validation.

• Provide guidance and training on secure coding practices and security tool usage to development teams.

• Evaluate and deploy security tools and automation solutions to enhance application security posture and streamline operations.

• Partner closely with Application Security Testers to measure control effectiveness and identify gaps.

• Ensure alignment with regulatory frameworks and industry best practices including HIPAA, PCI, NIST, and others.

What You Bring

Required:

• Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience).

• 12+ years of cybersecurity experience with 4+ years specifically in application security and threat modeling.

• 2+ years working in Agile environments, writing user stories including security acceptance criteria.

• Proficiency in scripting languages (Python, PowerShell, Ruby) to automate security processes, with a focus on container and build pipeline automation.

• Strong understanding of API, web application, and container security vulnerabilities.

• Experience in Microsoft technology stack (.NET and related).

• Excellent verbal and written communication skills and strong customer service orientation.

• Comfortable working cross-functionally with development, security testing, and operations teams.

Preferred:

• Hands-on experience with secure code review and application development.

• Familiarity with source code management, build/deployment pipelines, and web application firewalls.

• Knowledge of OWASP Top 10, MITRE CWE Top 25, and secure coding standards.

• Relevant certifications such as CISSP, CDP, E|CDE.

• Experience with compliance and regulatory standards such as HIPAA, PCI, CIS, HiTrust, ISO 27001, NIST.