GuidePoint Security is a rapidly growing cybersecurity firm that provides trusted expertise and solutions to help organizations mitigate risk. They are seeking a Senior Application Security Engineer to lead AppSec program assessments, design security workflows, and deliver strategic advice to clients while adapting to their unique cultures and goals.
Responsibilities:
- Leading AppSec program assessments to evaluate current state, identify gaps, and help clients prioritize remediation efforts based on risk, resources, and organizational readiness
- Designing pragmatic security workflows, processes, tooling integrations, and developer-friendly practices that engineering teams will actually adopt
- Getting hands-on when needed: implementing SAST/SCA/DAST/API tooling, configuring CI/CD security gates, building threat models, and conducting architecture reviews
- Navigating organizational complexity by helping clients work through the messy middle: tool sprawl, low adoption rates, competing priorities, technical debt, and cross-functional alignment challenges
- Delivering polished client work, producing clear assessments, actionable roadmaps, implementation guides, and executive communications that drive decision-making
- Serving as a strategic advisor and hands-on partner, adapting your approach to each client's culture, maturity, and goals
Requirements:
- 5+ years in application security, with demonstrated experience building, scaling, or leading an AppSec program
- Proficiency with the implementation, operationalization, and troubleshooting of tools across the AppSec landscape (SAST, DAST, SCA, API Security, secrets management)
- Comfortable operating at the strategic level (program design, roadmaps, risk prioritization) and the tactical level (hands-on implementation, tool configuration, code review)
- Strong working knowledge of Secure Development Lifecycles and experience triaging and remediating technical vulnerabilities identified by web application scanning tools
- Excellent written and verbal communication skills (you can translate technical findings into business risk for executives, and explain security requirements to developers)
- Prior consulting or client-facing experience: scoping engagements, managing expectations, and delivering clean work
- Operational DevSecOps experience
- Security certifications (CSSLP, OSCP, GWAPT, or similar)
- Experience with cloud-native security (AWS, Azure, Google Cloud Platform) and container/Kubernetes security