Key skills
Application SecurityInformation SecuritySecure Software Development Lifecycle (SDLC)OWASP Top 10OWASP ASVSSANS Top 25Application Security Testing ToolsBurp SuiteFortifyCheckmarxVeracodeZAPThreat ModelingPenetration TestingSecure Architecture ReviewsCloud SecurityAWSAzureKubernetes SecurityContainer HardeningRuntime ProtectionDevSecOpsCybersecurity Frameworks ComplianceNIST CSFISO 27001IEC 62443CISSPCSSLPOSCPGWAPTCEHGIAC Cloud SecurityInfluenceKubernetesSDLCCI/CDCommunicationOWASP
About this role
EnerSys is a global leader in stored energy solutions for industrial applications. The Application Security Engineer is responsible for strengthening the security of applications and development processes by collaborating with software engineers, DevOps teams, and security professionals to embed security into the software development lifecycle.
Responsibilities:
- Serve as a primary liaison between the Cybersecurity and development teams, ensuring security is integrated into design, development, deployment, and operations
- Conduct application security assessments, code reviews, API testing, threat modeling, and penetration testing to identify vulnerabilities
- Define, maintain, and enforce secure coding standards, patterns, and best practices
- Integrate and manage security tooling within CI/CD pipelines, including SAST, DAST, SCA, IaC scanning, and container security solutions
- Support secure architecture reviews for cloud‑native applications, microservices, and containerized workloads
- Support threat modeling, risk assessments, and security architecture reviews for applications
- Ensure that all security practices meet regulatory and compliance requirements
- Develop and deliver cybersecurity training programs for development teams to promote awareness and adherence to best practices
- Ensure application security practices align with regulatory and compliance frameworks (e.g., NIST CSF, ISO 27001, IEC 62443)
- Keep up to date on emerging threats, incorporating threat intelligence into security practices and providing proactive defenses
- Monitor and respond to application security threats, incidents and vulnerabilities
- Stay up to date on regulatory developments and industry trends
- Manage and maintain third-party vendor and consultant relationships
- Perform other duties as assigned
Requirements:
- Bachelor's degree in a technical field (e.g., Computer Science, Information Systems, Cybersecurity)
- 5+ years of experience in Information Security, with at least 3 years focused on application security, secure development, or DevSecOps
- Demonstrated experience building and scaling an application security program, either as the lead or a key contributor
- Strong knowledge of OWASP Top 10, OWASP ASVS, SANS Top 25, and secure SDLC methodologies
- Hands-on experience with application security testing tools such as Burp Suite, Fortify, Checkmarx, Veracode, and ZAP
- Experience conducting threat modeling, penetration testing, secure software development, and secure architecture reviews
- Practical experience securing cloud environments (AWS or Azure) and implementing cloud-native security controls
- Familiarity with Kubernetes security, container hardening, and runtime protection
- Strong communication skills with the ability to collaborate and influence across technical and non-technical teams
- Must have an active passport and be willing to travel internationally
- Relevant certifications such as CISSP, CSSLP, OSCP, GWAPT, CEH, or GIAC Cloud Security
- Experience securing embedded systems and mobile applications