Jobs · Information Technology · California

10873 - Application Security Engineer II - Cyber Defense

Hyundai AutoEver America · Irvine, CA · 2 wk ago
Information Technology$12k–$170k/yrFull-time

What You Will Be Doing

  • Define, document, and maintain Secure SDLC policies, standards, and procedures covering secure design and coding expectations, security testing requirements, build, release, and deployment security controls.
  • Partner with Engineering, Platform, and AppDev teams to ensure Secure SDLC requirements are practical, scalable, integrated into existing workflows, and clearly communicated.
  • Support governance activities, including reviews, exceptions, and continuous improvement of SDLC security requirements using standardized Risk Operation processes.
  • Develop, manage, and maintain a hardened cloud container image repository for application workloads, including defining baseline security requirements, selecting and hardening base images, patching and managing dependencies, and considering runtime security.
  • Drive adoption of approved images and patterns by platform and application teams, ensuring container images are scanned, updated, and versioned in alignment with security standards.
  • Define and implement automated security testing within CI/CD pipelines, including static and dynamic application security testing, and open-source and dependency vulnerability scanning.
  • Tune tools and rules to balance coverage, accuracy, and developer experience, ensuring security testing is integrated early in the pipeline to enable remediation prior to final build and deployment.
  • Partner with engineering and application teams to incorporate findings from SAST, DAST, and open-source scans into the Risk Operation function, clearly triaging and prioritizing issues, assigning ownership, and supporting secure release decisions.

Basic Qualifications

  • Experience: 5+ years of experience in Application Security, Product Security, or Secure Software Engineering with hands-on experience defining and implementing Secure SDLC requirements. Experience integrating SAST, DAST, and open-source vulnerability scanning into CI/CD pipelines.
  • Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer science or a related field.
  • Technical Expertise: Practical experience securing containerized applications and managing hardened container images. Strong understanding of common application vulnerabilities (e.g., OWASP Top 10), modern CI/CD workflows and DevOps practices, and secure coding and build processes. Strong troubleshooting and collaboration skills.
  • Language Skills: Excellent stakeholder management and communication skills. Proficient in English for effective communication and coordination.

Preferred Qualifications

  • Experience: Hands-on experience with industry leading Application Security tools for SAST, DAST and Opensource scanning. Experience with container platforms and registries (e.g., Docker, Kubernetes) and working in cloud-native application environments. Working knowledge of application threat modeling techniques is a plus.
  • Education and Certifications: Masters degree in Cybersecurity, Information Technology, Computer Science or a related discipline is preferred. Industry-recognized credentials such as CISSP, CISM, or Application Security specific certifications (CSSLP, GWAPT, etc) are highly desirable.
  • Language Skills: Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.

Similar jobs

Cybersecurity Engineer-II

Accenture Federal ServicesVirginia, United States· 3 wk ago
Information Technology$120k–$150k/yrapply on boards.greenhouse.io