H.W. Kaufman Group is a powerful global network of companies dedicated to shaping the future of insurance. The Application Security Engineer plays a crucial role in securing applications by integrating security best practices into the Software Development Lifecycle, conducting threat modeling, and collaborating with development teams to enhance application security.
Responsibilities:
- Partner with development teams to embed security best practices across the SDLC, including design, development, and deployment, and provide secure coding guidance
- Conduct threat modeling and security architecture reviews to identify design-level risks and implement appropriate security controls
- Identify, assess, and mitigate application vulnerabilities through a combination of automated (SAST/DAST) and manual code reviews, as well as penetration testing, and drive risk-based remediation
- Implement and manage application security tools, including SAST, DAST, Software Composition Analysis (SCA), and other security scanning solutions
- Ensure application security practices align with regulatory standards such as NYDFS, NIST, and OWASP guidelines
- Partner with DevOps, IT, and security teams to integrate security into CI/CD pipelines and engineering workflows
- Design and oversee the implementation of authentication, authorization, and access control mechanisms for APIs and platforms
- Develop and enforce secure usage standards and governance for AI tools and AI-generated code, addressing risks such as prompt injection, data leakage, insecure code generation, and model misuse, while aligning with regulatory and industry standards
Requirements:
- 5+ years of experience in application security, secure software development, and vulnerability management
- Strong knowledge of secure coding practices, OWASP Top 10, OWASP Top 10 for LLMs, MITRE ATLAS, and common security vulnerabilities
- Experience with containerization technologies such as Docker and Kubernetes, the principles of container operation, and their secure interaction
- Experience with security testing tools (e.g., Burp Suite, Fortify, Veracode, or similar)
- Familiarity with DevSecOps principles and integrating security into CI/CD pipelines
- Direct experience with security tools such as vulnerability scanners, intrusion detection systems, and log analysis tools
- Understanding of regulatory frameworks and compliance requirements (e.g., NYDFS, GDPR, SOC 2)
- Proficiency in scripting and automation using languages such as Python, PowerShell, or Bash, and the ability to leverage AI-driven tools to streamline and enhance security processes and workflows
- Relevant certifications such as Certified DevSecOps Engineer, CISSP, OWASP certifications, GIAC GWAPT
- Experience with Black Duck/Polaris with Apex code (Salesforce) is a plus