Lead Application Security Engineer - 19562Cox Automotive • Redan, GA, US
Lead Application Security Engineer - 19562
Cox Automotive • Redan, GA, US
16 hours ago
Job type
- Full-time
Job descriptionBachelor's degree in a related discipline and 6 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 4 years' experience; a Ph.D. and 1 year of experience; or 18 years' experience in a related field 2 years in Application / Product security or software engineering with a strong security focus. Hands on depth with modern SDLC / DevSecOps in cloud-native environments : microservices, APIs, containers / Kubernetes, serverless, IaC (Terraform / CloudFormation / ARM / Bicep), and CI / CD integration. Practical expertise operating and tuning SAST, DAST, SCA, API testing, IaC / container scanners, plus CNAPP for multi cloud. Scripting / automation proficiency (Python preferred; PowerShell / Bash nice) and REST API integration skills; able to create quick utilities and pipeline jobs to reduce manual effort. Strong knowledge of OWASP Top 10, ASVS, SAMM, NIST SSDF, CSA CCM, secure design patterns, cryptography fundamentals, authN / Z (OAuth2 / OIDC / JWT), and common web / API vulns and mitigations. Experience triaging responsible disclosure or bug bounty reports and driving coordinated remediation with product teams. Excellent communicator who can simplify complex risk for engineers and leaders; bias to action and measurable outcomes. Familiarity with software supply chain security (SBOMs, signing, provenance, dependency risk) and runtime protection (RASP, WAF / WL, EDR for containers). Strong understanding of cloud architecture and infrastructure Collaborate with AI agents to build, test, and deploy software across the SDLC, by using proper contextual inputs to improve AI understanding and output quality. Implement AI-powered features and pipelines in our software Contribute to prompt engineering experimentation and share tool usage insights. Define coding standards, review practices, and ethical guidelines for AI use. Mentor peers and coach junior team members on AI-augmented development. Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship. No OPT, CPT, STEM / OPT or visa sponsorship now or in future. WAF engineering experience (policy design, tuning, false positive management, bot / rate limit controls, logging / observability, blue / green rollout). Certifications (e.g., CISSP, CSSLP, GWAPT, GCSA, GCP / AWS / Azure security) are a plus. Experience with API security (OWASP API Top 10), Proactive Threat Response, Responsible Disclosure workflows is a plus.
The Lead Application Security Engineer will partner with Security Engineering Enablement and Security Architecture to design and ship secure software : secure code reviews and help define requirements on prerelease control validation (SAST / DAST / SCA, API security, Container / IaC scans). Drive fix-first coaching-turn findings into clear remediation guidance and code examples, to help teams remediate security findings.
The team is the Center of Excellence (COE) for Application Security, Web Application Firewalls and Cloud Security. In this capacity, the Lead AppSec Engineer can provide advice and guidance to teams in these areas to support the established standards and policies, in the form of Office Hours, Brown Bags or team consultation sessions.
Primary Responsibilities :
- Operate, administer, and continuously improve our off the shelf AppSec and CloudSec tools (WAF infrastructure management, user onboarding, policy / config, integrations).
- Triage and disposition vulnerabilities across SAST / DAST / SCA / API / IaC / CSPM sources; lead false positive reviews and suppression / exception workflows with strong audit trails.
- Partner with Cloud Platform teams to harden AWS / Azure / GCP environments using CSPM / CNAPP controls, guardrails, and baselines; guide secure patterns for serverless, containers / Kubernetes, and secrets management.
- Support system administration, configuration, and maintenance for the AppSec / CloudSec / WAF toolset (identity / roles, agent health, connectors, backups, upgrades, and DR testing).
- Evaluate security tools on an ongoing basis, to ensure we are leveraging the best toolset that meets the enterprise's needs
- Serve as first-line triage for Responsible Disclosure submissions, reproduce issues, determine severity / impact, assign owners / SLAs, and track to closure.
- Ensure consistent communications with Responsible Disclosure reporters and internal stakeholders and maintain accurate records for compliance.
- Use scripting / automation (Python, PowerShell, Bash, REST APIs, Terraform modules, GitHub Actions / Azure DevOps / GitLab CI) for ad hoc fixes and to reduce toil (bulk policy changes, project provisioning, baseline exceptions, report consolidation).
- Stakeholder for helping design Secure Pipelines to be implemented by the Security Engineering Enablement team
Minimum Qualifications :
Preferred skills :
USD 119,600.00 - 199,400.00 per year
Compensation :
Compensation includes a base salary of $119,600.00 - $199,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits :
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
Create a job alert for this search
Application Security Engineer • Redan, GA, US
Related jobs
Will work 100% onsite in Fayetteville GA •.Seeking Level 4 Datacenter Technicians •.Team will be handling troubleshooting of large GPU deployments inside of a hyperscale enterprise DC environment in ...Show more
ScioTeq Rugged Computing products are designed to meet extreme operating environments governed by MIL STD and EN military specifications.
These products are rarely sold as “off the shelf” products.C...Show more
Low Voltage Security Technician.Ernest Biles Dr, Jackson, GA 30233.We are seeking a skilled and experienced Low Voltage Security Technician to join our team.
The ideal candidate will be proficient i...Show more
Customs and Border Protection (CBP) offers those interested in a career in law enforcement an exceptional opportunity to work with an elite team of highly trained professionals whose camaraderie, p...Show more
The Lead Application Security Engineer will partner with Security Engineering Enablement and Security Architecture to design and ship secure software : secure code reviews and help define requiremen...Show more
This Engineer role, part of GSOC's Security Operations department, is responsible for protecting the cyber assets that support GSOC and GTC's digital operations.
The position focuses on conducting c...Show more
The Senior Lead Cybersecurity Architect is responsible for defining the principles, standards, and design patterns to build secure products and enterprise tools for all of Cox Automotive's multi-cl...Show more Security Client and Vendor Compliance Lead.This leader will implement and manage boarding / due diligence required for third party service providers and ensure operating effectiveness over time.Overs...Show more We are seeking a seasoned technician to lead the installation of security systems, including access control and CCTV.This role involves working alongside other experienced technicians to perform fu...Show more 
How would you like to work in a place where your contributions and ideas are valued? A place where you can serve with compassion, pursue excellence and honor every voice? At Wellstar, our mission i...Show more
Customs and Border Protection (CBP) offers those interested in a career in law enforcement an exceptional opportunity to work with an elite team of highly trained professionals whose camaraderie, p...Show more
We’re looking for a seasoned Senior Security Engineer with 5–10 years of hands-on experience in cybersecurity, with a strong focus on AWS cloud environments.
This role demands a deep com...Show more Customs and Border Protection (CBP) offers those interested in a career in law enforcement an exceptional opportunity to work with an elite team of highly trained professionals whose camaraderie, p...Show more This Engineer role, part of GSOC's Security Operations department, is responsible for protecting the cyber assets that support GSOC and GTC's digital operations.
The position focuses on conducting c...Show more 
Join our dynamic team as a Senior Application Security Engineer, where you'll play a pivotal role in partnering with Security Engineering Enablement and Security Architecture to design and deliver ...Show more
Application Security (Fortify & Web Inspect) Client.Client Bill Rate 60 / hr Location : Alpharetta, GA Total Positions : 6.
Hands on experience with security testing tools including Fortify, WebInspect,...Show more
We are a company that helps businesses test the accuracy and usability of their websites, applications, and hardware through freelance software testing and feedback.
You can get paid to help us shap...Show more
By clicking the “Apply” button, I understand that my employment application process with Takeda will commence and that the information I provide in my application will be processed in line with Tak...Show more
Level 4 Datacenter Technician
TEKsystems • Fayetteville, GA, United States
Full-time
Last updated: 25 days ago • Promoted
Development Engineer Electronics Defense & Security
ScioTeq BV • Duluth, GA, US
Full-time
Last updated: 26 days ago
Low Voltage Security Technician
Atlanta Access Controls, Inc • Jackson, GA, US
Full-time
Last updated: 30+ days ago • Promoted
Border Patrol Agent - Earn up to $30,000 in Recruitment Incentives
U.S. Customs and Border Protection • Monticello, GA, US
Full-time
Last updated: 1 day ago • Promoted
Lead Application Security Engineer
Cox • Sandy Springs, GA, United States
Full-time
Last updated: 2 days ago • Promoted
Security Operations Engineer, (Level III- V)
Oglethorpe Power • Tucker, GA, US
Full-time
Last updated: 30+ days ago • Promoted
Senior Lead Cloud Security Architect
Cox Automotive • Redan, GA, United States
Full-time
Last updated: 30+ days ago • Promoted
Security Client and Vendor Compliance Lead
Cox Automotive • Redan, GA, United States
Full-time
Last updated: 30+ days ago • Promoted
Install Specialist
TEKsystems • Duluth, GA, United States
Full-time
Last updated: 5 days ago • Promoted
Mammography Tech PRN
Wellstar Health Systems, Inc. • Griffin, GA, US
Full-time
Last updated: 16 days ago • Promoted
Border Patrol Agent
U.S. Customs and Border Protection • Monticello, Georgia, US
Permanent
Last updated: 30+ days ago • Promoted
Sr. Security Engineer - Hybrid Opportunity (Based in West Des Moines, IA)
The Mutual Group • Duluth, GA, US
Full-time
Last updated: 20 days ago • Promoted
U.S. Border Patrol Agent
U.S. Customs and Border Protection • Monticello, GA, US
Full-time
Last updated: 1 day ago • Promoted
Security Operations Engineer (Levels III - V)
Oglethorpe Power • Tucker, GA, US
Full-time
Last updated: 30+ days ago • Promoted
Senior Application Security Engineer
Cox Automotive • Tucker, GA, United States
Full-time
Last updated: 18 hours ago • Promoted • New!
Application Security
ClifyX • Alpharetta, GA, United States
Full-time
Last updated: 2 days ago • Promoted
Earn $120 Testing Future Tech Products!!!
uTest by Applause • Mansfield, GA, US
Full-time +1
Last updated: 1 day ago • Promoted
Lab Technician - 2nd Shift
Biolife Plasma Services • SOCIAL CIRCLE, GA, US
Full-time
Last updated: 16 hours ago • Promoted • New!