Lead Application Security Engineer

Job Location:

Scottsdale, AZ - USA

Monthly Salary: Not Disclosed
Posted on: 9 hours ago
Vacancies: 1 Vacancy

Job Summary

Lead Application Security Engineer


HIGHLIGHTS
Location: Scottsdale, AZ 85251
Position Type: Direct Hire
Hourly / Salary: Based on Experience
Residency Status: US Citizen or Green Card Holder ONLY


Our leading client is seeking a Lead Application Security Engineer to play a critical dual role at the intersection of secure software development and hands-on engineering leadership. This position is ideal for a technologist who is passionate about building modern applications and ensuring they are secure by design.

In this role, you will embed application security expertise directly into the engineering organization. Approximately half of your focus will be on application security: identifying vulnerabilities, guiding remediation efforts, and providing meaningful security metrics and reporting. The other half will be spent leading and contributing to the design, development, and delivery of applications built with Java and Angular.

The ideal candidate naturally bridges security and engineering, influencing architecture decisions, mentoring development teams, and championing best practices that balance strong security with scalability, performance, and delivery speed.

This position is based in their Scottsdale, AZ office. After completing an initial training period, the role offers a hybrid schedule with four days in the office and one remote day per week.

Responsibilities

Application Security

  • Conduct application security assessments and vulnerability scans using Veracode (SAST, DAST, and SCA) across Java Spring Boot REST services, AngularJS, and Angular applications.
  • Analyze, prioritize, and track security findings through their full remediation lifecycle, ensuring timely resolution and appropriate escalation.
  • Remediate security vulnerabilities hands-on, directly in Java Spring Boot, AngularJS, and Angular codebases, while also guiding developers on secure coding practices and mitigation techniques specific to the Java and JavaScript ecosystem.
  • Review, assess, and implement REST API security controls hands-on, including coding authentication, authorization, input validation, and data protection solutions directly within Spring Boot services.
  • Produce clear, well-structured vulnerability reports and executive summaries for both technical teams and leadership.
  • Establish and maintain application security policies, standards, and guidelines aligned with OWASP and industry best practices.
  • Participate in Architecture Review Board discussions to identify and address security risks in proposed designs.
  • Evaluate AI-generated code from tools such as GitHub Copilot for security risks and guide developers on safe AI-assisted development practices.
  • Leverage AI-assisted security tooling to accelerate vulnerability detection, triage, and remediation workflows.
  • Support compliance and audit activities related to application security controls.

Lead Software Engineering

  • Take full ownership of team deliverables, ensuring quality, stability, and resilience of applications.
  • Establish and enforce coding standards and development practices for high-quality, secure software delivery.
  • Serve as the technical lead for major system components, guiding architecture and technical decisions while remaining an active hands-on contributor to the codebase.
  • Actively design, write, review, and maintain code for scalable user interfaces and services, contributing directly to efficient, responsive applications built on Java Spring Boot, Angular, and microservices architectures.
  • Understand data flows and system integrations to support solution design, and write code directly to facilitate defect resolution and system improvements.
  • Identify and resolve performance issues, defects, and system inefficiencies through direct hands-on code contributions or delegating fixes to others as needed.
  • Act as the primary technical liaison with stakeholders, translating requirements into scalable solutions and managing expectations.
  • Foster a culture of accountability, security awareness, and continuous improvement through coaching and mentoring.

Qualifications

  • Bachelor's degree in Computer Science, Information Technology, or equivalent experience.
  • 5 years of hands-on application security engineering experience, including vulnerability assessment and remediation.
  • 7 years of software development experience with Java and Angular/AngularJS.
  • 3 years of experience in technical leadership or lead engineering capacity.
  • Proficient in: Java, Spring Boot, Spring Security, REST Web Services, Microservices, JavaScript, TypeScript, AngularJS, Angular, HTML, CSS, JUnit, Mockito, Git, Maven, and SQL.
  • Hands-on experience with enterprise application security scanning platforms such as Veracode, Checkmarx, Fortify, or similar tools, including SAST, DAST, and SCA scan configuration, results interpretation, and developer-facing remediation guidance.
  • Strong understanding of the OWASP Top 10 and how vulnerabilities manifest in enterprise Java and JavaScript applications.
  • Experience securing REST APIs, including OAuth2, JWT, and Spring Security implementations.
  • Demonstrated ability to produce clear vulnerability reports with severity ratings, impact assessments, and recommended mitigations for both technical and non-technical audiences.
  • Experience in project estimation, requirements gathering, system design, agile story creation, release support, and agile methodologies.
  • Preferred knowledge in: GitHub Copilot, AI-assisted security tooling, AWS, GCP, Drupal, Jasmine, Karma, IntelliJ, Eclipse, STS, WebStorm, Rancher, Jira, PL/SQL, Checkmarx, Fortify, or Burp Suite.
  • Security certifications such as CSSLP, CEH, GWAPT, or equivalent application security credentials are a plus.
  • Strong written and verbal communication skills, with the ability to engage both development teams and IT leadership effectively.
  • Excellent analytical and problem-solving abilities with strong attention to detail.
  • Team-oriented, adaptable, and motivated to support both engineering excellence and organizational security goals.

We are GTN The Go To Network
