Jobs · Information Technology · Utah

Application Security Engineer

LVT (LiveView Technologies) · American Fork, UT · 1 wk ago
On-siteInformation TechnologyFull-time

About the role

This role is based in-office out of our Headquarters in American Fork, Utah.

Role Responsibilities

  • Strategic Integration: Partner with Product and Engineering to embed reproducible, high-standard security practices directly into the SDLC.
  • Defense Engineering: Develop and maintain sophisticated manual and automated security processes to identify, evaluate, and mitigate risks across our software ecosystem.
  • Offensive Security: Lead proactive security initiatives including threat modeling, deep-dive code reviews, and offensive security exercises/penetration testing.
  • Vulnerability Management: Architect and manage the deployment of vulnerability scanning tools, driving the remediation process to ensure rapid resolution of identified issues.
  • Policy Stewardship: Assist in the development and continuous improvement of secure development policies and procedural documentation.
  • Technical Translation: Communicate complex vulnerability details and risk assessments to both technical and non-technical stakeholders, ensuring organizational alignment.
  • Security Culture: Mentor junior team members and foster a strong, transparent security culture across the company.
  • Impact Measurement: Success in this role is measured by the reduction of critical vulnerabilities in production, the speed of remediation cycles, and the successful adoption of security tools by the broader engineering team.

Benefits

  • Comprehensive health, dental and vision coverage
  • Retailment benefits (401k match up to 4%)
  • Flexible PTO

Qualifications

  • Proven Experience: At least 2+ years of professional experience in an Information Security role with a dedicated focus on modern application environments.
  • Cloud Proficiency: 2+ years of hands-on security experience with AWS and other cloud service platforms.
  • Modern Stack Familiarity: Comfortable navigating common web languages and frameworks such as HTML, PHP, Node.js, React.js, Nest.js, and Next.js.
  • Pipeline Expertise: A solid understanding of CI/CD tools and artifacts including GitHub, Docker, JFrog, CircleCI, and ArgoCD.
  • Technical Depth: A comprehensive understanding of common application vulnerabilities (OWASP Top 10) and the orchestration of automated tools used to combat them (SAST, DAST, SCA).
  • IT Foundations: Strong grasp of foundational IT domains, including operating systems, networking protocols, and the OSI model.
  • Compliance Awareness: Familiarity with standard security and regulatory compliance frameworks such as CIS, NIST, ISO/IEC 27001, SOC2, or FedRAMP.
  • Exceptional Communicator: Ability to articulate risk with clarity and professional poise, maintaining high levels of personal integrity while working with cross-functional partners.
  • Preferred Credentials: A degree in IT/Security or industry certifications such as Security+, OSCP, GPEN, or ITCA are highly valued.

Similar jobs

Application Security Engineer

Booz Allen HamiltonUtah, United States· 1 wk ago
Information Technology$87k–$198k/yrapply on careers.boozallen.com