About the job: As part of our Cybersecurity Services division, the Application Security team operates under the leadership of the Chief Information Security Officer (CISO). The team is responsible for protecting our enterprise information assets in support of business objectives and in alignment with corporate policies.

The Application Security team leads the establishment and ongoing evolution of our Secure Software Development Program. This includes creating and implementing software security policies, providing architecture guidance, conducting software security scanning and penetration testing, and educating developers and testers on secure coding practices.

In this role, you will play a key part in safeguarding our software assets by strengthening the development process, enhancing security controls, and actively reducing defects and vulnerabilities in production environments.

Responsibilities:

· Strengthen the software development lifecycle (SDLC) by integrating security controls, frameworks, and best practices.

· Partner closely with development teams to provide security architecture guidance, triage vulnerabilities, and advise on effective remediation strategies.

· Utilize and scale enterprise application security tools, including SAST, SCA, threat modeling tools, and secrets management solutions.

· Analyze and interpret security data from distributed systems to provide engineering teams with clear, actionable insights.

· Conduct software security scanning, threat modeling, and architectural risk assessments to identify and mitigate defects prior to production deployment.

· Promote a culture of security by educating and mentoring developers and testers on secure coding practices and industry-standard security frameworks.

Minimum qualifications:

· Bachelor’s degree in Computer Science, Information Security, a related technical field, or equivalent practical experience.

· Prior engineering experience within a dedicated Software Security Assurance or Application Security team.

· Application engineering background with a strong understanding of secure software design principles, secure coding practices, code review processes, and security requirements analysis.

· Minimum of 2 years of hands-on experience working with Static Application Security Testing (SAST) or threat modeling tools.

· Practical experience with a range of application security tools, including Software Composition Analysis (SCA) and secrets management solutions.

· Deep familiarity with common application vulnerabilities (e.g., OWASP Top 10), attack vectors, and remediation strategies.

· Familiarity with recognized industry security frameworks and standards such as OWASP, CIS, and NIST.

Preferred qualifications:

· Experience integrating application security testing tools directly into Agile development environments and modern CI/CD pipelines.

· Proven track record of implementing, managing, and scaling enterprise-level application security tools, services, and controls.

· Strong analytical skills, including the ability to interpret large volumes of distributed security data and translate it into clear, actionable insights for engineering teams.

· Experience performing architectural risk assessments and threat modeling on complex systems.

· Excellent collaboration and communication skills, with a proven ability to partner effectively with development teams to balance robust security requirements with engineering innovation.

Apply now