Lead Application Security Engineer

The Lead Application Security Engineer will partner with Security Engineering Enablement and Security Architecture to design and ship secure software : secure code reviews and help define requirements on prerelease control validation (SAST / DAST / SCA, API security, Container / IaC scans). Drive fix-first coaching-turn findings into clear remediation guidance and code examples, to help teams remediate security findings.

The team is the Center of Excellence (COE) for Application Security, Web Application Firewalls and Cloud Security. In this capacity, the Lead AppSec Engineer can provide advice and guidance to teams in these areas to support the established standards and policies, in the form of Office Hours, Brown Bags or team consultation sessions.

Primary Responsibilities :

• Operate, administer, and continuously improve our off the shelf AppSec and CloudSec tools (WAF infrastructure management, user onboarding, policy / config, integrations).
• Triage and disposition vulnerabilities across SAST / DAST / SCA / API / IaC / CSPM sources; lead false positive reviews and suppression / exception workflows with strong audit trails.
• Partner with Cloud Platform teams to harden AWS / Azure / GCP environments using CSPM / CNAPP controls, guardrails, and baselines; guide secure patterns for serverless, containers / Kubernetes, and secrets management.
• Support system administration, configuration, and maintenance for the AppSec / CloudSec / WAF toolset (identity / roles, agent health, connectors, backups, upgrades, and DR testing).
• Evaluate security tools on an ongoing basis, to ensure we are leveraging the best toolset that meets the enterprise's needs
• Serve as first-line triage for Responsible Disclosure submissions, reproduce issues, determine severity / impact, assign owners / SLAs, and track to closure.
• Ensure consistent communications with Responsible Disclosure reporters and internal stakeholders and maintain accurate records for compliance.
• Use scripting / automation (Python, PowerShell, Bash, REST APIs, Terraform modules, GitHub Actions / Azure DevOps / GitLab CI) for ad hoc fixes and to reduce toil (bulk policy changes, project provisioning, baseline exceptions, report consolidation).
• Stakeholder for helping design Secure Pipelines to be implemented by the Security Engineering Enablement team

Minimum Qualifications :

Preferred skills :

USD 119,600.00 - 199,400.00 per year

Compensation :

Compensation includes a base salary of $119,600.00 - $199,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.

Benefits :

The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.