Senior Application Security Engineer
Spring, North Carolina, United States of America
Full Time
1 day ago
$111,500 - $211,500 USD
Visa Sponsor
Key skills
AWSAzureCloudGoogle Cloud PlatformJavaJavaScriptJenkinsNode.jsPythonSDLCGoAILLMRAGGCPGoogle CloudGitHub ActionsAzure DevOpsGitHubGitLabCI/CDOWASPCloud SecurityWAF
About this role
Role Overview
- Integrate security practices throughout the SDLC in partnership with engineering and DevOps teams.
- Promote secure coding standards, tooling, and automation.
- Design, implement, and maintain security controls within CI/CD platforms (GitHub Actions, Jenkins, GitLab, Azure DevOps, etc.).
- Ensure software integrity through code signing, artifact validation, and provenance.
- Automate SAST, DAST, SCA, and container image scanning in the build and release pipelines.
- Automated AI specific vulnerability scanning into CI/CD to catch insecure LLM orchestration patters
- Identify and remediate misconfigurations and access control gaps in pipeline environments.
- Design, deploy, and tune WAF rules and API security protections.
- Conduct API risk assessments and promote secure API design patterns.
- Perform secure code reviews and support automated security testing coverage across pipelines.
- Triage, prioritize, and track vulnerabilities across source code, CI/CD pipelines, and deployed services.
- Facilitate threat modeling for applications, APIs, and delivery pipelines.
- Perform threat modeling on RAG architecture and autonomous agents
- Expand security automation around API discovery, dependency scanning, SBOM generation, and secrets detection.
- Mentor engineering teams on secure coding and secure pipeline practices.
- Support the Security Champions program.
- Act as a trusted advisor to product, platform engineering, and DevOps teams, translating technical risks into business impact.
- Partner with SOC/IR teams during software supply chain or pipeline-related security incidents.
- Assess and guide the secure adoption of AI capabilities within enterprise applications—focusing on data security, access controls, model input/output handling, and preventing misuse within internal systems.
- Leverage AI‑powered security tools to identify anomalies, code risks, and pipeline misconfigurations within internal applications and CI/CD systems.
Requirements
- 5–8+ years in Application Security, Product Security, or Secure Software Development
- Hands-on experience securing CI/CD pipelines and source repositories (GitHub, GitLab, Jenkins, etc.)
- Knowledge of supply chain security frameworks (SLSA, NIST SSDF)
- Experience with secrets management, artifact signing (Sigstore, Cosign), and build integrity
- Strong background in WAF tuning, API security, and vulnerability remediation
- Proficiency in at least one programming language (Python, Java, Go, JavaScript/Node.js)
- Experience with SAST, DAST, SCA, and container scanning tools
- Cloud security experience (AWS, Azure, or GCP)
- Strong understanding of OWASP Top 10 (Web & API), CWE, and secure coding practices
- Familiarity with OWASP Top 10 for LLM Application and MITRE ATLAS
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
- Java
- JavaScript
- Jenkins
- Node.js
- Python
- SDLC
- Go
Benefits
- Health & Wellbeing
- Personal & Professional Development
- Unconditional Inclusion