Lead Application Security Engineer

The Lead Application Security Engineer is a technical role and serves as serve as subject matter expert in product security architecture, security testing, secure design review and security engineering

Position Description:

• Design and execute an application security strategy
• Create, maintain, and enforce application security development policies, procedures and standards
• Develop security integrations to be used in CI/CD pipeline and for development teams
• Work with development teams to ensure that application security risks are identified and remediated in a timely manner while maintaining a balance between security & usability
• Consult and train developers on secure coding practices and ensure development teams are validating for OWASP
• Triage vulnerabilities from dynamic and static scanning tools with development teams
• Assist with code reviews and develop secure libraries
• Perform web application penetrating testing
• Strategize and implement the OWASP software assurance maturity model
• Manage and tune web application firewalls
• Design and implement technologies to automate security processes
• Consult on secure architecture, least privileged design, threat mitigations, and security standard methodologies.

Qualifications:

• Experience leading application security programs
• Bachelor’s Degree in Computer Science or related field is preferred.
• 5+ years of experience in application security, application development and DevSecOps
• OSWE, GWAPT or similar certification is preferred
• Communicate and present security concepts to technical and non-technical audiences
• Knowledge with SOX and SOC2 compliance is preferred
• Experience in enterprise application development and design
• Experience with identity lifecycle management and federation technologies such as SAML
• Hands on experience with AWS