Application Security Engineer

Application Security Engineer

This is an Application Security Focused Engineer. Needs to have been involved in security for application front ends.

Location :

Acadia WI Advance NC Seattle WA and Tampa. Onsite 5 days/week

Role:

Front End Developer/Cyber Security Engineer

• Need support to build safer applications due to recent attacks (web app/mobile cx)
• This individual will work closely with engineering & security teams to ensure a strategy moving forwards
• App side & less infrastructure focused
• OWASP Top 10
• Svelte
• API (shared responsibility)

Key Responsibilities:

Frontend Development & Security Integration

• Architect and develop secure frontend applications using modern frameworks (Svelte React Flutter etc.)
• Implement security-first design principles in web and mobile application development
• Build and maintain security libraries components and frameworks for development teams
• Design secure authentication and authorization flows (OAuth 2.0 SAML JWT)
• Implement Content Security Policy (CSP) CORS and other browser security mechanisms

Application Security Leadership

• Conduct security code reviews and vulnerability assessments for frontend applications
• Implement OWASP Top 10 mitigation strategies across all web properties
• Design and implement secure API consumption patterns and data handling
• Lead security testing initiatives including SAST DAST and penetration testing coordination
• Develop secure coding standards and security guidelines for development teams

Infrastructure Security & Performance

• Configure and optimize CDN security settings (Fastly)
• Implement and manage Web Application Firewall (WAF) rules and policies
• Design DDoS protection strategies and rate limiting mechanisms
• Optimize application performance while maintaining security standards
• Monitor and respond to security incidents affecting frontend applications

Security Tools & Monitoring

• Implement security monitoring and alerting for frontend applications
• Integrate security scanning tools into CI/CD pipelines
• Configure and manage security headers and SSL/TLS implementations
• Develop automated security testing and compliance validation
• Create security dashboards and reporting mechanisms

Team Leadership & Education

• Mentor development teams on secure coding practices
• Conduct security training and awareness sessions
• Collaborate with DevSecOps Security and SRE teams on security initiatives
• Lead incident response for application security events
• Stay current with emerging security threats and mitigation techniques

Required Qualifications:

• Experience: 7 years in frontend development with 4 years focused on application security
• Security Expertise: Deep understanding of OWASP Top 10 security vulnerabilities and mitigation strategies
• Frontend Technologies: Expert-level proficiency in JavaScript TypeScript HTML5 CSS3
• Frameworks: Strong experience with Svelte or React with security considerations
• Security Tools: Hands-on experience with SAST/DAST tools vulnerability scanners penetration testing
• Web Security: Extensive knowledge of CSP CORS XSS prevention CSRF protection input validation
• Infrastructure: Experience with CDN configuration WAF management and DNS security
• Authentication: Implementation experience with OAuth SAML JWT and multi-factor authentication
• Compliance: Understanding of PCI DSS GDPR CCPA and other relevant security standards
• DevSecOps: Experience integrating security into CI/CD pipelines

Preferred Qualifications:

• Certifications: CISSP CEH OSCP AWS Security Specialty or equivalent security certifications
• Cloud Security: Experience with AWS/Azure/GCP security services and configurations
• Mobile Security: Understanding of mobile application security (iOS/Android)
• API Security: Experience with GraphQL security REST API protection and microservices security
• Threat Modeling: Experience with application threat modeling and risk assessment
• Incident Response: Background in security incident response and forensics
• E-commerce Security: Experience securing e-commerce platforms and payment processing
• Zero Trust: Understanding of Zero Trust architecture principles

Technical Skills:

• Languages: JavaScript TypeScript Python (for security scripting)
• Security Frameworks: OWASP ASVS NIST Cybersecurity Framework
• Security Tools: Burp Suite OWASP ZAP Nessus Qualys Checkmarx Veracode
• Monitoring: SIEM integration security logging threat detection
• Infrastructure: Terraform Docker Kubernetes security configurations
• Version Control: Git with security branch protection and code signing