drjobs Senior Application Security Engineer
  1. Home
  2. Jobs In USA
  3. Jobs In Pennsylvania
  4. Jobs In Pittsburgh, PA
  5. Senior Application Security Engineer

Senior Application Security Engineer

HDJ & Associates, Inc.
Posted on : 22-04-2025

Employer Active

1 Vacancy
drjobs

Job Alert

You will be updated with latest job alerts via email
Valid email field required
Send jobs
drjobs
Register to Apply Apply Now
Send me jobs like this
drjobs

Job Alert

You will be updated with latest job alerts via email

Valid email field required
Send jobs
Jobs by Experience drjobs

5years

Job Location drjobs

Pittsburgh, PA - USA

Monthly Salary drjobs

Not Disclosed

drjobs

Salary Not Disclosed

Vacancy

1 Vacancy

Posted on : 22-04-2025

Job Description

Are you ready to elevate security practices to new heights Our client is looking for a dynamic Senior Application Security Engineer who will revolutionize our application security strategies. This onsite role is the perfect opportunity to collaborate with key stakeholders in Technology Product and Strategic Business Units to tackle the most pressing security challenges headon.

As a Senior Application Security Engineer you will spearhead the secure software development lifecycle embedding cuttingedge security practices at every step of our DevOps pipelines and application security processes. Your expertise in maturity models like DSOMM (DevSecOps Maturity Model) CI/CD pipelines and vulnerability management tools will be crucial in transforming our security landscape. Join forces with our engineering DevOps Product and Technology teams to implement automated security controls threat modeling and risk mitigation strategies that will shape the future of our software development lifecycle.

Key Responsibilities

DevSecOps & Maturity Measurement Implementation:

  • Assess report and assist with improving application security and DevSecOps Maturity utilizing a measurement framework such as DSOMM or BSIMM across the organization.
  • Define and implement security policies standards and best practices for DevOps CI/CD pipelines and cloud security.
  • Work with development and DevOps teams to integrate automated security testing (SAST DAST SCA IaC security scanning etc. into pipelines.
  • Establish security gates in CI/CD workflows to prevent deployment of vulnerable code.
Application Security & Code Vulnerabilities:
  • Perform code reviews static/dynamic security testing (SAST/DAST) and secure coding guidance to developers.
  • Identify and remediate vulnerabilities in application code libraries containers and infrastructure as code (IaC).
  • Develop and enforce secure coding standards in alignment with OWASP NIST and other frameworks.
  • Conduct threat modeling and security architecture reviews for applications and services. For example assist application teams with developing accurate data flow diagrams and developing appropriate identity management solutions.
  • Manage and mature Bot Management services for all applications. Assist with WAF management and maturity.
  • Improve secrets management and API security.

Vulnerability Management & Risk Reduction:

  • Manage and mature enterprisewide Bug Bounty program (e.g. BugCrowd HackerOne)
  • Manage vulnerability scanning tools (e.g. Tenable Qualys Sonar Snyk) and prioritize remediation efforts.
  • Track assess and coordinate the remediation of vulnerabilities across the application infrastructure and cloud environments.
  • Develop riskbased vulnerability management workflows and collaborate with engineering teams to drive fixes.
  • Monitor security dashboards and metrics ensuring vulnerabilities are patched in alignment with SLAs.

Security CI/CD Automation & Tooling:

  • Implement security automation using APIs scripts and cloudnative security controls.
  • Work with DevOps engineers to integrate security tooling (like SemGrep Snyk Cycode) or within Jenkins GitHub GitLab CI/CD or AWS DevOps.
  • Automate security findings triage reporting and prioritization processes.

Security Awareness & Collaboration:

  • Train and mentor developers on secure coding threat modeling DevSecOps and vulnerability management best practices.
  • Collaborate with security operations incident response and compliance teams on security initiatives.
  • Participate in security assessments penetration testing and security incident investigations.


Requirements

Qualifications & Experience
  • Bachelor s Degree in Information Security Cybersecurity Computer Science or a related field OR a minimum of 8 years experience in lieu of a degree. Master s Degree in Cybersecurity Information Technology Business Administration or a related field is preferred.
  • 5 years of experience in application security DevSecOps and security engineering.
  • Handson experience with DevSecOps tools (SAST DAST SCA container security IaC security).
  • Strong knowledge of secure coding principles and frameworks such as OWASP Top 10 SANS CWE Top 25.
  • Experience with integrating security solutions within CI/CD pipelines.
  • High proficiency in at least one programming language (Python Java Go PHP JavaScript etc..
  • Experience with vulnerability management and tools (Tenable Qualys or Rapid7.
  • Experience with web app penetration testing tooling (BurpSuite Acunetix or Zap).
  • Experience with implementing maturity measurement frameworks such as DSOMM (DevSecOps Maturity Model) or BSIMM (Building Security in Maturity Model) in an enterprise setting.
  • Familiarity with cloud security best practices (AWS Azure/Entra GCP).
  • Familiarity with Bot Management tooling (DataDome HUMAN CloudFlare or reCAPTCHA) and clientside monitoring tooling (FullStory Source Defense or Reflectiz).
  • Familiarity with AI machine learning or LLM usage within security tooling.
  • Security certifications like CISSP OSCP GCPN GCSA AWS Security Specialty or CSSLP is preferred.
  • Experience with Infrastructure as Code (Terraform CloudFormation Kubernetes security) is preferred.
  • Knowledge of compliance frameworks such as NIST ISO 27001 SOC 2 PCI DSS and PCI Card Production is preferred.
  • Technical Aptitude: Ability to understand and communicate bestpractice system architectures data flows and security controls within modern web applications and cloud (SaaS/PaaS IaaS).
  • Communication: Excellent verbal and written communication skills with the ability to communicate complex security concepts to technical and nontechnical stakeholders.
  • Strategic Thinking: Ability to develop and implement strategic cybersecurity plans that align with business goals and product advancements.


Qualifications & Experience Bachelor s Degree in Information Security, Cybersecurity, Computer Science, or a related field OR a minimum of 8 years experience in lieu of a degree. Master s Degree in Cybersecurity, Information Technology, Business Administration, or a related field is preferred. 5+ years of experience in application security, DevSecOps, and security engineering. Hands-on experience with DevSecOps tools (SAST, DAST, SCA, container security, IaC security). Strong knowledge of secure coding principles and frameworks such as OWASP Top 10, SANS CWE Top 25. Experience with integrating security solutions within CI/CD pipelines. High proficiency in at least one programming language (Python, Java, Go, PHP, JavaScript, etc.. Experience with vulnerability management and tools (Tenable, Qualys, or Rapid7. Experience with web app penetration testing tooling (BurpSuite, Acunetix, or Zap). Experience with implementing maturity measurement frameworks such as DSOMM (DevSecOps Maturity Model) or BSIMM (Building Security in Maturity Model) in an enterprise setting. Familiarity with cloud security best practices (AWS, Azure/Entra, GCP). Familiarity with Bot Management tooling (DataDome, HUMAN, CloudFlare, or reCAPTCHA) and client-side monitoring tooling (FullStory, Source Defense, or Reflectiz). Familiarity with AI machine learning or LLM usage within security tooling. Security certifications like CISSP, OSCP, GCPN, GCSA, AWS Security Specialty, or CSSLP is preferred. Experience with Infrastructure as Code (Terraform, CloudFormation, Kubernetes security) is preferred. Knowledge of compliance frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, and PCI Card Production is preferred. Technical Aptitude: Ability to understand and communicate best-practice system architectures, data flows, and security controls within modern web applications and cloud (SaaS/PaaS, IaaS). Communication: Excellent verbal and written communication skills, with the ability to communicate complex security concepts to technical and non-technical stakeholders. Strategic Thinking: Ability to develop and implement strategic cybersecurity plans that align with business goals and product advancements.

Education

Bachelors degree preferred.

Employment Type

Full Time

Company Industry

Civil Engineering

Key Skills

Register to Apply
Apply Now

About Company

HDJ & Associates, Inc.
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
Start Now

Dr.Job AutoApply

3X your job search with AutoApply's AI for faster dream job results.

Similar Jobs

Senior Security Engineer

Mirantis -

Senior Software Engineer - Security Center

Servicenow -

Application Support

Inetum - Porto

Staff Software Engineer - Security Center

Servicenow -

Sr. Cybersecurity Engineer - Endpoint Security

Visa - Loudoun County , VA

Specialist Application Architecture

Anglo American / De Beers Group - Johannesburg

Application Support Analyst

Rest - Sydney

Senior Counsel, Legal Privacy & Data Security

Abbvie - North Chicago , IL
  1. Home
  2. Jobs In USA
  3. Jobs In Pennsylvania
  4. Jobs In Pittsburgh, IL
  5. Senior Application Security Engineer
About Drjobpro.com

Dr. Job is an online platform that connects employers with skilled job seekers, facilitating the search for job opportunities and top talent. Established in 2015. Dr. Job Pro has emerged as the world premier job portal, attracting thousands of job seekers every day from all over the world.

Follow Dr.Job

LinkedIn Drjobpro Facebook Drjobpro Twitter Drjobpro Instagram Drjobpro Youtube Drjobpro Tiktok Drjobpro SnapChat Drjobpro
Payment accepted icon

Dr Job FZ LLC. 2025 © All Rights Reserved

Terms of Use Privacy Policy Cookie Policy

Company

About

How it Works

SiteMap

Contact Us

Blog

Popular Searches

Popular jobs in worldwide

Employer

Post Job Free

CV Search

ATS Partners

Job seeker

Job Seeker Login

Job Seeker Register

Search Jobs

AI Job interview

AutoApply

Companies by Location

Help

Jobs by Countries

Jobs In Saudi Arabia

Jobs In Kuwait

Jobs In Qatar

Jobs In Bahrain

Jobs In Egypt

Jobs In Jordan

Jobs in USA

Jobs in UK

Jobs in India

Change Country