Lead Application Security Engineer
Little Caesars Pizza · Detroit, MI · 1 wk ago
Information TechnologyFull-time
Key Responsibilities
- Define, own, and govern application security architecture standards, patterns, and requirements across development teams.
- Provide senior-level technical leadership, including review and approval of designs for complex, high-risk, or business-critical applications.
- Lead or co-own the design, implementation, and ongoing maturity of the enterprise DevSecOps program.
- Evaluate, select, and govern application security tooling, including defining usage standards, coverage expectations, and success metrics.
- Perform advanced threat modeling and security architecture reviews for externally exposed or high-impact applications.
- Act as the primary application security subject matter expert for development and platform teams.
- Define, track, and report application security metrics and KPIs to assess program effectiveness and inform leadership.
- Serve as a technical mentor and final escalation point for complex application security issues.
- Partner with Governance, Risk, and Compliance teams to support secure development training and awareness initiatives.
Required Knowledge, Skills And Abilities
- Bachelor’s degree in computer science, Information Technology, Engineering, or a related technical field, or equivalent practical experience.
- Minimum of five (5) to seven (7) years of professional experience in information technology, with at least three (3) years focused on application security or closely related cybersecurity work.
- Experience applying application security principles, including secure coding, authentication, authorization, and data protection, in production software environments.
- Experience leading or significantly influencing application security architecture decisions.
- Experience integrating application security practices into modern software development methodologies, including Agile and CI/CD workflows.
Preferred Qualifications
- Experience leading or governing enterprise application security or DevSecOps initiatives.
- Experience defining standards and operating models for application security tooling (e.g., SAST, DAST, IAST, SCA).
- Ability to influence cross-functional teams without direct authority.
- Security-related certifications (e.g., CISSP, GIAC, CSSLP, OSCP) are a plus.