Jobs · Engineering

Lead Application Security Engineer

State Compensation Insurance Fund · California, United States · 4 wk ago
RemoteRemoteEngineeringFull-time

Key Responsibilities

  • Lead application security initiatives using Secure SDLC, threat modeling, OWASP, AI TRiSM and NIST best practices.
  • Perform application security architecture reviews, application code reviews, vulnerability assessments, and application penetration testing activities.
  • Drive BRD, TDD, SDD, design, and code reviews with a security-risk lens; estimate effort for SAST, DAST, IAST, and application penetration-testing initiatives.
  • Own and advance AI powered application security strategy to safeguard applications, micro-segmentation, microservices, APIs, and UI components.
  • Execute Quality Agile + DevSecOps transformation activities to improve end-to-end application security across the enterprise.
  • Perform application vulnerability exploitation, application security audits, and application penetration testing to identify and mitigate high-risk exposures.

Desired Qualification

  • 5+ years of application security experience, including securing applications with privacy, and regulatory compliance (PII, PHI, PCI).
  • Hands-on experience with SAST, DAST, IAST, application penetration testing, and fuzz testing tools used by ethical hackers for the AI era.
  • Exposure to one or more application development frameworks: C#, .NET, Java, jQuery, AngularJS, ReactJS, GraphQL, Web APIs/Services, XML and Agentic AI.
  • Strong knowledge of application threat modeling, continuous protection via RASP, ADR or unified security platform and AI Security methodologies.
  • Ability to research emerging application security technologies, zero-day vulnerabilities, AI TRiSM framework and best practices.
  • Experience securing Web, Cloud, Agentic AI applications and Ethical Hacking, or Application PenTest certifications are a plus.
  • Experience implementing application security controls and application security testing solutions through the software development lifecycle – Secure SDLC.
  • Working knowledge of JIRA or similar defect-tracking systems and Work Breakdown Structures.
  • Excellent communication, presentation and collaboration skills.

Similar jobs