Overview
On Site
Full Time
Skills
Information Security
Leadership
Quality Assurance
Quality Control
Satellite
Onboarding
Design Review
Continuous Integration
Continuous Delivery
Reporting
KPI
Dashboard
Apache Velocity
Design Patterns
Software Security
DevSecOps
Microservices
SANS
Agile
GitHub
JIRA
DevOps
Regulatory Compliance
ISO/IEC 27001:2005
Security QA
Software Development Methodology
Threat Modeling
OWASP
Communication
Mentorship
Training
Management
Fortify
SCA
Cloud Computing
Amazon Web Services
Google Cloud Platform
Google Cloud
Terraform
Microsoft Azure
Progress Chef
Ansible
Blockchain
Privacy
Marketing
Job Details
Location: Charlotte, NC
Description:
Information Security Engineer 4
Location: Charlotte, NC/ Chandler, AZ/ Dallas, TX/ Minneapolis, MN - Hybrid
About the Role
We are looking for a Lead Information Security Engineer to support the Application Security Champion (ASC) program. As a Core Application Security Champion (Core ASC), you will play a critical role in scaling security across thousands of global applications. You will provide technical expertise, mentorship, and security enablement while collaborating with engineering teams and leadership.
Key Responsibilities
Provide deep technical guidance on secure coding, vulnerability remediation, threat modeling, and security tools.
Act as the escalation point for Satellite ASCs, ensuring QA/QC of security findings in high-risk environments.
Lead the Satellite ASC onboarding, training, and mentorship program.
Conduct secure design reviews, code analysis, and architecture consultations across development teams.
Manage security automation in CI/CD pipelines (SAST, SCA, secrets scanning, IaC reviews).
Track and report security KPIs and metrics dashboards to measure program effectiveness.
Shape policy frameworks to balance developer velocity with security assurance.
Define secure design patterns and risk control objectives for cloud and enterprise systems.
Oversee critical security findings escalation, ensuring alignment with enterprise risk tolerance.
Coach Core ASCs to increase overall impact and effectiveness of the program.
Minimum Qualifications
5+ years of experience in application security, secure development, or DevSecOps.
Strong expertise in modern application architectures (cloud-native, microservices, APIs).
Experience scaling security programs in federated or decentralized models.
Certifications such as CSSLP, GWAPT, OSWE, or SANS/GIAC (GSSP, GWEB, etc.).
Experience working in Agile/DevOps environments using GitHub, Jira, Azure DevOps.
Familiarity with security compliance frameworks (NIST, ISO 27001, CRI Profile).
Proficiency with security testing tools (SAST, DAST, SCA, GHAS) and manual code reviews.
Knowledge of secure SDLC principles, threat modeling methodologies (STRIDE, PASTA), and OWASP standards.
Excellent communication and mentoring skills with experience training developers.
Ability to manage competing priorities and influence teams without direct authority.
Preferred Qualifications (Nice to Have)
1+ year of experience with Fortify Code Analyzer, CheckMarx, Black Duck SCA, or SAST.
Experience scaling security programs in federated or decentralized models.
Familiarity with cloud IAM platforms (Azure, AWS, Google Cloud Platform).
Experience with Policy-as-Code tools (Terraform, Azure Resource Manager, Chef, Ansible).
Understanding of emerging IAM technologies (decentralized identity, blockchain-based security).
By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.
Contact:
This job and many more are available through The Judge Group. Please apply with us today!
Description:
Information Security Engineer 4
Location: Charlotte, NC/ Chandler, AZ/ Dallas, TX/ Minneapolis, MN - Hybrid
About the Role
We are looking for a Lead Information Security Engineer to support the Application Security Champion (ASC) program. As a Core Application Security Champion (Core ASC), you will play a critical role in scaling security across thousands of global applications. You will provide technical expertise, mentorship, and security enablement while collaborating with engineering teams and leadership.
Key Responsibilities
Provide deep technical guidance on secure coding, vulnerability remediation, threat modeling, and security tools.
Act as the escalation point for Satellite ASCs, ensuring QA/QC of security findings in high-risk environments.
Lead the Satellite ASC onboarding, training, and mentorship program.
Conduct secure design reviews, code analysis, and architecture consultations across development teams.
Manage security automation in CI/CD pipelines (SAST, SCA, secrets scanning, IaC reviews).
Track and report security KPIs and metrics dashboards to measure program effectiveness.
Shape policy frameworks to balance developer velocity with security assurance.
Define secure design patterns and risk control objectives for cloud and enterprise systems.
Oversee critical security findings escalation, ensuring alignment with enterprise risk tolerance.
Coach Core ASCs to increase overall impact and effectiveness of the program.
Minimum Qualifications
5+ years of experience in application security, secure development, or DevSecOps.
Strong expertise in modern application architectures (cloud-native, microservices, APIs).
Experience scaling security programs in federated or decentralized models.
Certifications such as CSSLP, GWAPT, OSWE, or SANS/GIAC (GSSP, GWEB, etc.).
Experience working in Agile/DevOps environments using GitHub, Jira, Azure DevOps.
Familiarity with security compliance frameworks (NIST, ISO 27001, CRI Profile).
Proficiency with security testing tools (SAST, DAST, SCA, GHAS) and manual code reviews.
Knowledge of secure SDLC principles, threat modeling methodologies (STRIDE, PASTA), and OWASP standards.
Excellent communication and mentoring skills with experience training developers.
Ability to manage competing priorities and influence teams without direct authority.
Preferred Qualifications (Nice to Have)
1+ year of experience with Fortify Code Analyzer, CheckMarx, Black Duck SCA, or SAST.
Experience scaling security programs in federated or decentralized models.
Familiarity with cloud IAM platforms (Azure, AWS, Google Cloud Platform).
Experience with Policy-as-Code tools (Terraform, Azure Resource Manager, Chef, Ansible).
Understanding of emerging IAM technologies (decentralized identity, blockchain-based security).
By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.
Contact:
This job and many more are available through The Judge Group. Please apply with us today!
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.