Overview
Hybrid
Depends on Experience
Full Time
Skills
application security
network security
web application security
cloud security
devsecops
cicd
kubernetes
aws
vulnerability
python
java
powershell
bash
penetration testing
Job Details
Senior Application Security Engineer
Salary: Open + Bonus
Location: Chicago, IL or Coppell, TX
Hybrid: 3 days onsite, 2 days remote
*We are unable to provide sponsorship for this role*
Qualifications
- Bachelor's degree
- 5+ years of experience in an Application Security or Information Security environment.
- Strong proficiency in application security and vulnerability management.
- Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark, etc.).
- Experience writing scripts and working with containers in a CI/CD pipeline.
- Deep knowledge of common web, API and cloud vulnerabilities (e.g. OWASP Top 10, CWE, auth flaws etc.).
- Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications.
- Familiarity with secure coding principles across multiple languages (Python, Java, JavaScript, etc.).
- Strong experience with custom scripting (Python, C++, PowerShell, Bash, etc.) and process automation.
- Familiarity with Kubernetes security, container scanning and cloud infrastructure as code.
- Exposure to security architecture design through application development or knowledge of security concepts/best practices.
Responsibilities
- Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC.
- Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows.
- Define and improve secure SDLC processes by designing and implementing a developer-friendly secure SDLC framework.
- Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery.
- Build out processes for threat modelling and secure design review.
- Implement security for the software supply chain, AI/ML applications, open source, etc.
- Review testing reports and conduct security risk assessments of the vulnerabilities.
- Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams.
- Assist with application security vulnerability management including implementation of new vulnerability management tools.