Lead Application Security Engineer - 19562

The Lead Application Security Engineer will partner with

Security Engineering Enablement and Security Architecture to design

and ship secure software : secure code reviews and help define

requirements on prerelease control validation (SAST / DAST / SCA, API

security, Container / IaC scans). Drive fix-first coaching-turn

findings into clear remediation guidance and code examples, to help

teams remediate security findings.

The team is

the Center of Excellence (COE) for Application Security, Web

Application Firewalls and Cloud Security. In this capacity, the

Lead AppSec Engineer can provide advice and guidance to teams in

these areas to support the established standards and policies, in

the form of Office Hours, Brown Bags or team consultation

sessions.

Primary

Responsibilities : Operate,

administer, and continuously improve our off the shelf AppSec and

CloudSec tools (WAF infrastructure management, user onboarding,

policy / config, integrations).

Triage and

disposition vulnerabilities across SAST / DAST / SCA / API / IaC / CSPM

sources; lead false positive reviews and suppression / exception

workflows with strong audit trails.

Partner

with Cloud Platform teams to harden AWS / Azure / GCP environments

using CSPM / CNAPP controls, guardrails, and baselines; guide secure

patterns for serverless, containers / Kubernetes, and secrets

management.

Support system administration,

configuration, and maintenance for the AppSec / CloudSec / WAF toolset

(identity / roles, agent health, connectors, backups, upgrades, and

DR testing).

Evaluate security tools on an

ongoing basis, to ensure we are leveraging the best toolset that

meets the enterprise's needs

Serve as

first-line triage for Responsible Disclosure submissions, reproduce

issues, determine severity / impact, assign owners / SLAs, and track to

closure.

Ensure consistent communications with

Responsible Disclosure reporters and internal stakeholders and

maintain accurate records for compliance.

Use

scripting / automation (Python, PowerShell, Bash, REST APIs,

Terraform modules, GitHub Actions / Azure DevOps / GitLab CI) for ad

hoc fixes and to reduce toil (bulk policy changes, project

provisioning, baseline exceptions, report

consolidation).

Stakeholder for helping design

Secure Pipelines to be implemented by the Security Engineering

Enablement

team

Minimum

Qualifications : Bachelor's

degree in a related discipline and 6 years' experience in a related

field. The right candidate could also have a different combination,

such as a master's degree and 4 years' experience; a Ph.D. and 1

year of experience; or 18 years' experience in a related

field

2 years in Application / Product security

or software engineering with a strong security

focus.

Hands on depth with modern

SDLC / DevSecOps in cloud-native environments : microservices, APIs,

containers / Kubernetes, serverless, IaC

(Terraform / CloudFormation / ARM / Bicep), and CI / CD

integration.

Practical expertise operating and

tuning SAST, DAST, SCA, API testing, IaC / container scanners, plus

CNAPP for multi cloud.

Scripting / automation

proficiency (Python preferred; PowerShell / Bash nice) and REST API

integration skills; able to create quick utilities and pipeline

jobs to reduce manual effort.

Strong knowledge

of OWASP Top 10, ASVS, SAMM, NIST SSDF, CSA CCM, secure design

patterns, cryptography fundamentals, authN / Z (OAuth2 / OIDC / JWT), and

common web / API vulns and

mitigations.

Experience triaging responsible

disclosure or bug bounty reports and driving coordinated

remediation with product teams.

Excellent

communicator who can simplify complex risk for engineers and

leaders; bias to action and measurable

outcomes.

Familiarity with software supply

chain security (SBOMs, signing, provenance, dependency risk) and

runtime protection (RASP, WAF / WL, EDR for

containers).

Strong understanding of cloud

architecture and infrastructure

Collaborate

with AI agents to build, test, and deploy software across the SDLC,

by using proper contextual inputs to improve AI understanding and

output quality.

Implement AI-powered features

and pipelines in our software

Contribute to

prompt engineering experimentation and share tool usage

insights.

Define coding standards, review

practices, and ethical guidelines for AI

use.

Mentor peers and coach junior team members

on AI-augmented development.

Applicants must

currently be authorized to work in the United States for any

employer without current or future sponsorship. No OPT, CPT,

STEM / OPT or visa sponsorship now or in

future.

Preferred

skills : WAF

engineering experience (policy design, tuning, false positive

management, bot / rate limit controls, logging / observability,

blue / green rollout).

Certifications (e.g.,

CISSP, CSSLP, GWAPT, GCSA, GCP / AWS / Azure security) are a

plus.

Experience with API security (OWASP API

Top 10), Proactive Threat Response, Responsible Disclosure

workflows is a plus.

USD

119,600.00 - 199,400.00 per

year

Compensation : Compensation

includes a base salary of $119,600.00 - $199,400.00. The base

salary may vary within the anticipated base pay range based on

factors such as the ultimate location of the position and the

selected candidate's knowledge, skills, and abilities. Position may

be eligible for additional compensation that may include an

incentive

program.

Benefits : The

Company offers eligible employees the flexibility to take as much

vacation with pay as they deem consistent with their duties, the

company's needs, and its obligations; seven paid holidays

throughout the calendar year; and up to 160 hours of paid wellness

annually for their own wellness or that of family members.

Employees are also eligible for additional paid time off in the

form of bereavement leave, time off to vote, jury duty leave,

volunteer time off, military leave, and parental leave.