Lead Application Security Engineer
State Compensation Insurance Fund · California, United States · 4 wk ago
RemoteRemoteEngineeringFull-time
Key Responsibilities
- Lead application security initiatives using Secure SDLC, threat modeling, OWASP, AI TRiSM and NIST best practices.
- Perform application security architecture reviews, application code reviews, vulnerability assessments, and application penetration testing activities.
- Drive BRD, TDD, SDD, design, and code reviews with a security-risk lens; estimate effort for SAST, DAST, IAST, and application penetration-testing initiatives.
- Own and advance AI powered application security strategy to safeguard applications, micro-segmentation, microservices, APIs, and UI components.
- Execute Quality Agile + DevSecOps transformation activities to improve end-to-end application security across the enterprise.
- Perform application vulnerability exploitation, application security audits, and application penetration testing to identify and mitigate high-risk exposures.
Desired Qualification
- 5+ years of application security experience, including securing applications with privacy, and regulatory compliance (PII, PHI, PCI).
- Hands-on experience with SAST, DAST, IAST, application penetration testing, and fuzz testing tools used by ethical hackers for the AI era.
- Exposure to one or more application development frameworks: C#, .NET, Java, jQuery, AngularJS, ReactJS, GraphQL, Web APIs/Services, XML and Agentic AI.
- Strong knowledge of application threat modeling, continuous protection via RASP, ADR or unified security platform and AI Security methodologies.
- Ability to research emerging application security technologies, zero-day vulnerabilities, AI TRiSM framework and best practices.
- Experience securing Web, Cloud, Agentic AI applications and Ethical Hacking, or Application PenTest certifications are a plus.
- Experience implementing application security controls and application security testing solutions through the software development lifecycle – Secure SDLC.
- Working knowledge of JIRA or similar defect-tracking systems and Work Breakdown Structures.
- Excellent communication, presentation and collaboration skills.