Application Security Engineering Lead
First Soft Solutions LLC · United States · 1 wk ago
RemoteRemoteManagementFull-time
Key Responsibilities
- Lead the organization's Application Security (AppSec) program and establish secure software development standards.
- Define and implement secure coding guidelines, application security policies, and development best practices.
- Serve as the primary technical advisor for application security across enterprise projects.
- Promote a security-first culture by mentoring development teams on secure design and coding practices.
- Partner with development teams to integrate security into every phase of the SDLC.
- Conduct secure design and architecture reviews for web, mobile, cloud, and API-based applications.
- Review application code to identify security vulnerabilities and recommend remediation strategies.
- Ensure compliance with OWASP Top 10, CWE, SANS Top 25, and industry security standards.
- Lead Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Interactive Application Security Testing (IAST) activities.
- Identify, prioritize, and remediate application vulnerabilities.
- Coordinate penetration testing and validate remediation efforts.
- Perform threat modeling and security risk assessments for new applications and services.
- Develop and maintain Python scripts to automate security assessments, reporting, vulnerability validation, and compliance checks.
- Automate security scanning and integrate security tools into CI/CD pipelines.
- Build custom security utilities to improve application security operations and developer productivity.
- Support Infrastructure as Code (IaC) security validation and cloud security automation.
- Integrate security controls into DevOps and CI/CD pipelines.
- Collaborate with cloud engineering teams to implement secure cloud-native application architectures.
- Secure REST APIs, microservices, containers, and Kubernetes deployments.
- Support identity management, authentication, authorization, and secrets management.
- Ensure compliance with enterprise security policies and regulatory requirements.
- Develop security documentation, standards, and operational procedures.
- Track application security metrics, remediation timelines, and risk posture.
- Support internal and external security audits.
Required Qualifications
- Minimum 7+ years of experience in Application Security, Secure Software Development, or Cybersecurity Engineering.
- Advanced expertise in Application Security principles and practices.
- Strong experience implementing secure SDLC and DevSecOps methodologies.
- Advanced proficiency in Python scripting and security automation.
- Hands-on experience with SAST, DAST, SCA, and vulnerability management tools.
- Strong understanding of OWASP Top 10, CWE, CVSS, and secure coding standards.
- Experience securing RESTful APIs, web applications, microservices, and cloud-native applications.
- Experience with authentication and authorization technologies such as OAuth2, OpenID Connect, JWT, and SAML.
- Familiarity with container security, Kubernetes, Docker, and Infrastructure as Code.
- Excellent analytical, communication, leadership, and problem-solving skills.