Application Security Engineer

Application Security Engineer

Location- Dallas, Texas

Description:

This role is responsible for performing advanced product security testing to strengthen the cybersecurity posture across next generation vehicle and connected services platforms. As part of the Product Security Testing Team (PSTT) within the Product Cybersecurity Group (PCG), the position conducts hands on security assessments, penetration testing, and vulnerability research across APIs, mobile applications (iOS and Android), cloud hosted services, Linux systems, and wireless technologies. Responsibilities include validating security requirements against implementation, developing proof of concept exploits, reverse engineering software components, and clearly communicating security risks and remediation guidance to engineering teams. This role requires strong technical depth, an offensive security mindset, and close collaboration with cross functional stakeholders.

Responsibility:

• Conduct analysis of security requirements specifications against implementation

• Perform security assessments and penetration testing including but not limited to mobile applications (iOS and Android), wireless security, APIs, cloud environments, and Linux OS

• Evaluate cloud infrastructure security across AWS, Azure, or Google Cloud Platform environments, including IAM policies, network segmentation, storage configurations, and serverless architectures

• Assess container and orchestration security (Docker, Kubernetes) for vehicle-connected cloud services and microservices deployments

• Review cloud-native application security controls such as API gateways, service meshes, secrets management, and logging/monitoring configurations

• Communicate complex technical findings and recommend the appropriate course of action, supporting the mitigation and re-validation efforts

• Support testing Connected Services ecosystems to identify and report security vulnerabilities and ensure compliance with security standards

• Develop and maintain security testing tools to support penetration testing and security verification activities, ensuring thorough identification of vulnerabilities

• Develop skills through continuous learning and apply what you have learned relevant to emerging attack vectors, vulnerabilities, and exploits across application and cloud domains

• Travel to clients or partners sites as needed to provide on-site support for security testing and verification activities

Requirements:

•             Demonstrates strong capability in conducting penetration testing and security assessments across applications, APIs, cloud environments, operating systems, and wireless technologies to identify, validate, and prioritize security risks

•             Applies deep knowledge of application, API, and cloud security principles—including authentication, authorization, and secure architectures, to assess real world risk and recommend effective mitigations

•             Analyzes complex systems, reverse engineers software components, and develops proof of concept exploits to understand root causes, attack paths, and potential impact

•             Collaborates effectively with engineering and product teams to communicate findings, influence secure design decisions, and support remediation and re validation efforts

•             Develops or enhances security testing tools, scripts, and automation to improve testing efficiency, consistency, and coverage

•             Continuously builds knowledge of emerging attack techniques, vulnerabilities, and security trends and applies learnings to improve security testing effectiveness