Application Security Engineer
Purpose Brands, LLC · Boca Raton, FL · 3 wk ago
Information Technology$120k–$140k/yrFull-time
Purpose/Impact: (Duties & Essential Functions)
- Embed application security practices into all phases of the software development lifecycle (SDLC), from design through deployment and maintenance
- Perform application security assessments including static code analysis (SAST), dynamic testing (DAST), and software composition analysis (SCA)
- Develop and maintain threat models for critical systems and applications, collaborating with engineering teams to identify threats, assess risk, and drive remediation efforts
- Promote secure coding practices and contribute to secure development standards aligned with OWASP and industry best practices
- Enable DevSecOps by partnering with engineering and DevOps teams to integrate security tooling into CI/CD pipelines, enabling automated and repeatable security testing
- Analyze and manage vulnerability findings from tools such as GitHub Dependabot, application scanners, and cloud-native security services
- Help tune security tooling to reduce false positives and improve signal quality for development teams
- Support the adoption of security automation to improve consistency, efficiency, and scalability across application environments
- Collaborate with cloud and platform security engineers to ensure application security controls align with broader cloud security architecture
- Identify risks to the confidentiality, integrity, and availability of application data hosted in cloud-based environments
- Triage, prioritize, and track remediation of application vulnerabilities based on risk and business impact
- Absorb and assist in security investigations involving application vulnerabilities or security events
- Participate in periodic reviews of application security controls to validate effectiveness and compliance with organizational standards
Collaboration & Continuous Improvement
- Act as a security partner to engineering teams by providing guidance, education, and actionable recommendations
- Contribute to the continuous improvement of application security processes, standards, and metrics
- Support governance, risk management, and compliance initiatives as they relate to application security