Senior Application Security Engineer (DevSecOps / Cloud Security)
Position Overview
We are seeking a Senior Application Security Engineer to help strengthen and scale secure software development practices across a large enterprise environment. This role is focused on Application Security, Cloud Security, and DevSecOps, with responsibility for integrating security throughout the Software Development Lifecycle (SDLC), automating security controls, and reducing risk across modern application and cloud environments.
The ideal candidate has a background in Software Engineering or Application Development and has transitioned into Application Security, Security Engineering, or DevSecOps. While this is not a heavily hands-on coding role, candidates should be comfortable reviewing code, working directly with developers, and supporting a predominantly Java-based technology stack.
Key Responsibilities
- Partner with software engineers, architects, and technical stakeholders to embed security throughout application design, development, and deployment.
- Conduct application security reviews, threat modeling exercises, and security testing activities.
- Identify vulnerabilities through automated and manual assessments and work with development teams on remediation efforts.
- Implement and enhance security controls across applications, cloud environments, and supporting infrastructure.
- Integrate and automate security controls within CI/CD pipelines and DevSecOps workflows.
- Build and improve security tooling, services, and automation that enable developer adoption of secure practices.
- Support shift-left security initiatives and secure software development standards.
- Contribute to cloud security initiatives involving IAM, container security, workload protection, and infrastructure hardening.
- Serve as a security subject matter expert during escalations, risk assessments, and remediation efforts.
Required Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, Engineering, Business, or a related field, or equivalent professional experience.
- 7+ years of experience in Application Security, Security Engineering, DevSecOps, Information Security, or related disciplines.
- Previous experience in Software Engineering or Application Development strongly preferred.
- Experience supporting enterprise-scale application security programs and secure development initiatives.
- Strong understanding of SDLC, secure coding principles, OWASP, CVSS, and the MITRE ATT&CK framework.
- Experience with SAST, SCA, DAST, IaC scanning, and CNAPP technologies.
- Hands-on experience with application security testing tools such as Burp Suite and cloud security platforms such as Wiz.
- Experience supporting AWS and Azure environments.
- Familiarity with Docker, Kubernetes, Docker Swarm, GitHub Actions, Jenkins, Terraform, CloudFormation, and Ansible.
- Strong understanding of Windows and Linux/Unix security, networking, endpoint security, and infrastructure security.
- Scripting experience using Python, Bash, PowerShell, or Perl.
- Experience working within Agile environments utilizing Scrum and/or Kanban methodologies.
Preferred Qualifications
- Experience within highly regulated industries such as Financial Services, Banking, Insurance, Aerospace, Government, Healthcare, or similar compliance-driven environments.
- Experience supporting medium-to-large enterprise organizations.
- Experience implementing cloud security, DevSecOps, and application security programs at scale.
- Professional certifications such as CISSP, GIAC (GCSA/GWAPT), AWS Solutions Architect, or similar security-focused credentials.
Benefits
Eligible team members may receive a competitive compensation package, retirement benefits, professional development opportunities, continuing education assistance, wellness programs, and flexible work arrangements.
...