Jobs · Management

Application Security Engineering Lead

First Soft Solutions LLC · United States · 1 wk ago
RemoteRemoteManagementFull-time

Key Responsibilities

  • Lead the organization's Application Security (AppSec) program and establish secure software development standards.
  • Define and implement secure coding guidelines, application security policies, and development best practices.
  • Serve as the primary technical advisor for application security across enterprise projects.
  • Promote a security-first culture by mentoring development teams on secure design and coding practices.
  • Partner with development teams to integrate security into every phase of the SDLC.
  • Conduct secure design and architecture reviews for web, mobile, cloud, and API-based applications.
  • Review application code to identify security vulnerabilities and recommend remediation strategies.
  • Ensure compliance with OWASP Top 10, CWE, SANS Top 25, and industry security standards.
  • Lead Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Interactive Application Security Testing (IAST) activities.
  • Identify, prioritize, and remediate application vulnerabilities.
  • Coordinate penetration testing and validate remediation efforts.
  • Perform threat modeling and security risk assessments for new applications and services.
  • Develop and maintain Python scripts to automate security assessments, reporting, vulnerability validation, and compliance checks.
  • Automate security scanning and integrate security tools into CI/CD pipelines.
  • Build custom security utilities to improve application security operations and developer productivity.
  • Support Infrastructure as Code (IaC) security validation and cloud security automation.
  • Integrate security controls into DevOps and CI/CD pipelines.
  • Collaborate with cloud engineering teams to implement secure cloud-native application architectures.
  • Secure REST APIs, microservices, containers, and Kubernetes deployments.
  • Support identity management, authentication, authorization, and secrets management.
  • Ensure compliance with enterprise security policies and regulatory requirements.
  • Develop security documentation, standards, and operational procedures.
  • Track application security metrics, remediation timelines, and risk posture.
  • Support internal and external security audits.

Required Qualifications

  • Minimum 7+ years of experience in Application Security, Secure Software Development, or Cybersecurity Engineering.
  • Advanced expertise in Application Security principles and practices.
  • Strong experience implementing secure SDLC and DevSecOps methodologies.
  • Advanced proficiency in Python scripting and security automation.
  • Hands-on experience with SAST, DAST, SCA, and vulnerability management tools.
  • Strong understanding of OWASP Top 10, CWE, CVSS, and secure coding standards.
  • Experience securing RESTful APIs, web applications, microservices, and cloud-native applications.
  • Experience with authentication and authorization technologies such as OAuth2, OpenID Connect, JWT, and SAML.
  • Familiarity with container security, Kubernetes, Docker, and Infrastructure as Code.
  • Excellent analytical, communication, leadership, and problem-solving skills.

Similar jobs