Lead Application Security Engineer - 19562
Cox AutomotiveLithia Springs, GA, United States30+ days ago
Job type
- Full-time
Job descriptionBachelor's degree in a related discipline and 6 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 4 years' experience; a Ph.D. and 1 year of experience; or 18 years' experience in a related field 2 years in Application / Product security or software engineering with a strong security focus. Hands on depth with modern SDLC / DevSecOps in cloud-native environments : microservices, APIs, containers / Kubernetes, serverless, IaC (Terraform / CloudFormation / ARM / Bicep), and CI / CD integration. Practical expertise operating and tuning SAST, DAST, SCA, API testing, IaC / container scanners, plus CNAPP for multi cloud. Scripting / automation proficiency (Python preferred; PowerShell / Bash nice) and REST API integration skills; able to create quick utilities and pipeline jobs to reduce manual effort. Strong knowledge of OWASP Top 10, ASVS, SAMM, NIST SSDF, CSA CCM, secure design patterns, cryptography fundamentals, authN / Z (OAuth2 / OIDC / JWT), and common web / API vulns and mitigations. Experience triaging responsible disclosure or bug bounty reports and driving coordinated remediation with product teams. Excellent communicator who can simplify complex risk for engineers and leaders; bias to action and measurable outcomes. Familiarity with software supply chain security (SBOMs, signing, provenance, dependency risk) and runtime protection (RASP, WAF / WL, EDR for containers). Strong understanding of cloud architecture and infrastructure Collaborate with AI agents to build, test, and deploy software across the SDLC, by using proper contextual inputs to improve AI understanding and output quality. Implement AI-powered features and pipelines in our software Contribute to prompt engineering experimentation and share tool usage insights. Define coding standards, review practices, and ethical guidelines for AI use. Mentor peers and coach junior team members on AI-augmented development. Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship. No OPT, CPT, STEM / OPT or visa sponsorship now or in future. WAF engineering experience (policy design, tuning, false positive management, bot / rate limit controls, logging / observability, blue / green rollout). Certifications (e.g., CISSP, CSSLP, GWAPT, GCSA, GCP / AWS / Azure security) are a plus. Experience with API security (OWASP API Top 10), Proactive Threat Response, Responsible Disclosure workflows is a plus.
The Lead Application Security Engineer will partner with Security Engineering Enablement and Security Architecture to design and ship secure software : secure code reviews and help define requirements on prerelease control validation (SAST / DAST / SCA, API security, Container / IaC scans). Drive fix-first coaching-turn findings into clear remediation guidance and code examples, to help teams remediate security findings.
The team is the Center of Excellence (COE) for Application Security, Web Application Firewalls and Cloud Security. In this capacity, the Lead AppSec Engineer can provide advice and guidance to teams in these areas to support the established standards and policies, in the form of Office Hours, Brown Bags or team consultation sessions.
Primary Responsibilities :
- Operate, administer, and continuously improve our off the shelf AppSec and CloudSec tools (WAF infrastructure management, user onboarding, policy / config, integrations).
- Triage and disposition vulnerabilities across SAST / DAST / SCA / API / IaC / CSPM sources; lead false positive reviews and suppression / exception workflows with strong audit trails.
- Partner with Cloud Platform teams to harden AWS / Azure / GCP environments using CSPM / CNAPP controls, guardrails, and baselines; guide secure patterns for serverless, containers / Kubernetes, and secrets management.
- Support system administration, configuration, and maintenance for the AppSec / CloudSec / WAF toolset (identity / roles, agent health, connectors, backups, upgrades, and DR testing).
- Evaluate security tools on an ongoing basis, to ensure we are leveraging the best toolset that meets the enterprise's needs
- Serve as first-line triage for Responsible Disclosure submissions, reproduce issues, determine severity / impact, assign owners / SLAs, and track to closure.
- Ensure consistent communications with Responsible Disclosure reporters and internal stakeholders and maintain accurate records for compliance.
- Use scripting / automation (Python, PowerShell, Bash, REST APIs, Terraform modules, GitHub Actions / Azure DevOps / GitLab CI) for ad hoc fixes and to reduce toil (bulk policy changes, project provisioning, baseline exceptions, report consolidation).
- Stakeholder for helping design Secure Pipelines to be implemented by the Security Engineering Enablement team
Minimum Qualifications :
Preferred skills :
USD 119,600.00 - 199,400.00 per year
Compensation :
Compensation includes a base salary of $119,600.00 - $199,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits :
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
Create a job alert for this search
Application Security Engineer • Lithia Springs, GA, United States
Related jobs
As a Senior Staff Information Security Engineer, this position will take on complex and autonomous roles, often leading initiatives to improve system reliability and efficiency.This role will contr...Show moreLast updated: 2 days ago
This role requires a deep understanding of wireless security protocols, attack methodologies, and network segmentation techniques.
Assess rogue access points and wireless segmentation effectiveness....Show moreLast updated: 7 hours ago
This candidate will be allowed to work remotely.All remote work must be completed in the United States.The contractor may be required to come onsite in Raleigh, NC, or to different healthcare facil...Show moreLast updated: 30+ days ago
This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted.Join AT&T and reimagine the communications and technologies that connect the wor...Show moreLast updated: 11 days ago
Do you possess an understanding of security controls and their implementation within complex IT environments?.Do you have demonstrated experience in implementing and managing continuous monitoring ...Show moreLast updated: 9 days ago
Competitive, based on experience.We are seeking a highly skilled professional with expertise in programming, networking, and security.
This role demands strong leadership and communication abilities...Show moreLast updated: 16 hours ago
ImagineX is a tech company that deploys AI-assisted teams to build and secure mission-critical enterprise solutions with our clients – spanning software, cybersecurity, data, and AI.Structure...Show moreLast updated: 30+ days ago
Meta), formerly known as Facebook Inc.When Facebook launched in 2004, it changed the way people connect.Apps and services like Messenger, Instagram, and WhatsApp further empowered billions around t...Show moreLast updated: 22 hours ago
Our Fortune 500 company is driving a digital transformation and looking for forward-thinking innovators to disrupt how our industry thinks about and uses technology.
As one of the world's leading em...Show moreLast updated: 13 days ago
Do you possess an understanding of security controls and their implementation within complex IT environments?.Do you have demonstrated experience in implementing and managing continuous monitoring ...Show moreLast updated: 13 days ago
The primary responsibility ofthis position is to serve as a hands-on information security expert inoverseeing and ensuring that the appropriate level of operational security isimplemented and maint...Show moreLast updated: 2 days ago
Our Fortune 500 company is driving a digital transformation and looking for forward-thinking innovators to disrupt how our industry thinks about and uses technology.
As one of the world's leading em...Show moreLast updated: 2 days ago
The Lead Application Security Engineer will partner with Security Engineering Enablement and Security Architecture to design and ship secure software : secure code reviews and help define requiremen...Show moreLast updated: 30+ days ago
Lead Adversarial Security Engineer.Trellix, the trusted CISO ally, is redefining the future of cybersecurity and soulful work.
Our comprehensive, GenAI-powered platform helps organizations confronte...Show moreLast updated: 2 days ago
US Citizen, GC Holders or Authorized to Work in the U.The Security Engineering team empowers the Global Information and Content Security (GICS) teams by supporting the Security Engineering, Securit...Show moreLast updated: 9 days ago
Do you possess an understanding of security controls and their implementation within complex IT environments?.Do you have demonstrated experience in implementing and managing continuous monitoring ...Show moreLast updated: 13 days ago
Job Title : Security Engineer Duration : 12 – 24 Month Project Engagement Role Summary : The Security Engineer is a hands-on technical expert responsible for implementing, maintaining, and optimizing ...Show moreLast updated: 10 days ago Job Title : AppSec Analyst DAST Duration : 12 – 24 Month Project Engagement Role Summary : The AppSec Analyst DAST is responsible for finding and remediating security vulnerabilities in Client's runni...Show moreLast updated: 10 days ago
- Promoted
Security Engineer
TCS CT USAAvance ConsultingAtlanta, GA, United StatesFull-time
- New!
Wireless Security Analyst
vTech SolutionAtlanta, GA, United StatesFull-time
Quick Apply
A 44 / 77 - 750759 - Security Engineer
Focused HR SolutionsAtlanta, Georgia, United StatesFull-time
Quick Apply
- Promoted
Lead Cybersecurity - Application Security DevSecOps Engineer
AT&TAtlanta, GA, United StatesFull-time
- Promoted
Senior Security Engineer II
RELX Group plcAlpharetta, GA, United StatesPart-time
- Promoted
- New!
Security Engineer
ArtechAtlanta, GA, United StatesFull-time
Senior Application Security Engineer
ImagineX ConsultingAtlanta, GA, USFull-time
Quick Apply
- Promoted
- New!
Security Engineer
Meta IncAtlanta, GA, United StatesFull-time
- Promoted
Senior Security Engineer
UnumAtlanta, GA, United StatesFull-time
- Promoted
Senior Security Engineer II
RELXAlpharetta, GA, United StatesPart-time
- Promoted
Security Engineer
Douglas County, GADouglasville, GA, United StatesFull-time
- Promoted
Senior Security Engineer
Unum GroupAtlanta, GA, United StatesFull-time
- Promoted
Lead Application Security Engineer - 19562
Cox AutomotivePanthersville, GA, United StatesFull-time
- Promoted
Lead Adversarial Security Engineer
TrellixAtlanta, GA, United StatesFull-time
- Promoted
Security Engineer
INSPYR SolutionsAtlanta, GA, United StatesFull-time
- Promoted
Senior Security Engineer II
LexisNexisAlpharetta, GA, United StatesPart-time
- Promoted
Security Engineer
Datamtx LLCPeachtree City, GA, USFull-time
- Promoted
AppSec Analyst DAST (Application Security)
Datamtx LLCPeachtree City, GA, USFull-time