California Correctional Health Care Services is seeking a highly skilled Lead Application Security Engineer to help secure business-critical web applications and emerging AI-enabled applications. In this role, you will work closely with developers and technology leaders to identify risks and improve secure development practices.
Responsibilities:
- Lead application security initiatives using Secure SDLC, threat modeling, OWASP, AI TRiSM and NIST best practices
- Perform application security architecture reviews, application code reviews, vulnerability assessments, and application penetration testing activities
- Drive BRD, TDD, SDD, design, and code reviews with a security-risk lens; estimate effort for SAST, DAST, IAST, and application penetration-testing initiatives
- Own and advance an AI-powered application security strategy to safeguard applications, micro-segmentation, microservices, APIs, and UI components
- Execute Quality Agile + DevSecOps transformation activities to improve end-to-end application security across the enterprise
- Perform application vulnerability exploitation, application security audits, and application penetration testing to identify and mitigate high-risk exposures
Requirements:
- 5+ years of application security experience, including securing applications subject to privacy and regulatory compliance requirements (PII, PHI, PCI)
- Hands-on experience with SAST, DAST, IAST, application penetration testing, and fuzz-testing tools used by ethical hackers in the AI era
- Exposure to one or more application development frameworks: C#, .NET, Java, jQuery, AngularJS, ReactJS, GraphQL, Web APIs/Services, XML and Agentic AI
- Strong knowledge of application threat modeling, continuous protection via RASP, ADR, or a unified security platform, and AI security methodologies
- Ability to research emerging application security technologies, zero-day vulnerabilities, AI TRiSM framework and best practices
- Experience securing web, cloud, and agentic AI applications; Ethical Hacking or Application PenTest certifications are a plus
- Experience implementing application security controls and application security testing solutions throughout the software development lifecycle (Secure SDLC)
- Working knowledge of JIRA or similar defect-tracking systems and Work Breakdown Structures
- Excellent communication, presentation and collaboration skills