Jobs · Information Technology · Georgia

Lead Application Security Engineer

Carters Inc. · Atlanta, GA · 1 wk ago
Information TechnologyFull-time

Key Responsibilities

  • Application security, architecture & standards (25%)
    • Defining and owning the enterprise application security architecture, standards, and secure-by-default patterns
    • Evaluating vendors and driving adoption of AppSec tooling across engineering teams
    • Serving as the final technical authority on AppSec decisions
    • Conducting and directing advanced secure code reviews, SAST/DAST assessments, and manual penetration testing
    • Owning API security standards and driving vulnerability triage, risk prioritization, and remediation accountability
  • Secure code review, API security & advanced testing (25%)
    • Conducting and directing advanced secure code reviews, SAST/DAST assessments, and manual penetration testing
    • Owning API security standards including REST and GraphQL, enforcing OWASP API Top 10 controls and authentication/authorization design patterns
    • Driving vulnerability triage, risk prioritization, and remediation accountability across development teams at scale
  • DevSecOps engineering & platform ownership (20%)
    • Owning the DevSecOps toolchain: designing, deploying, and maturing security gates within CI/CD pipelines
    • Embedding security into system design, SDLC processes, and platform decisions
    • Demonstrating program maturity and risk reduction through continuous improvement of AppSec metrics, dashboards, and KPIs
  • Ai security – build, secure & govern (20%)
    • Building and deploying AI-powered security tooling and automation
    • Assessing and governing risks associated with AI/ML integrations and connectors
    • Developing and enforcing AI governance policies
  • Risk governance, compliance & cross-functional leadership (10%)
    • Representing the IT Security team in architecture reviews, cross-functional planning, and executive risk reporting
    • Leading AppSec representation in PCI-DSS, NIST, and OWASP compliance audits and evidence collection

Requirements

  • Must Have:
    • 5+ years of application security, software engineering, or secure code review experience
    • Strong proficiency in one or more languages (e.g., Python, Java, JavaScript, Go) with ability to perform in-depth code review and threat modeling
    • Experience with SAST/DAST tooling (e.g., Snyk, SonarQube, Semgrep, Checkmarx, Burp Suite, OWASP ZAP)
    • Proven communication and presentation skill set abilities with multilevel stakeholders
    • Ability to meet deadlines and work with management across various disciplines
    • Proven collaborative experience with cross functional teams
    • Ability to perform on-call duties during off-hours and holidays
    • An adaptable and flexible attitude towards changing business needs
  • Preferred Skills And Experience:
    • Bachelor’s degree in computer science or related field
    • Experience leading or conducting red team, penetration testing, or adversarial simulation exercises
    • Working knowledge of PCI-DSS, NIST, OWASP, and other regulatory frameworks; experience representing security in audit and compliance reviews
    • Experience securing cloud-native or hybrid-cloud application environments (AWS, Azure, or GCP)
    • Hands-on experience building, deploying, or integrating AI/ML-powered tools, combined with the ability to assess and govern their security posture
    • Proven ability to define and enforce security standards across engineering organizations; prior experience owning a security capability or domain
    • Security+, ISC2 CC, CompTIA A+, CompTIA Network+, SSCP, CCT, GWEB, CSSLP, CEH, or OSCP certifications

Similar jobs