Cybersecurity Engineer – Application Security Enablement

Labcorpis seeking aCybersecurity Engineer Application Security Enablementto join our team in a remote capacity.

Location: Remote

Applicants who live within 35 miles of either the Burlington NC or Durham NC location will follow a hybrid schedule. This schedule includes a minimum of three in-office days per week at an assigned location either Burlington or Durham supporting both collaboration and flexibility.

Work Schedule:This is afulltime exempt (salaried) position assigned to a First Shift schedule with standard business hours of Monday through Friday 8:00 a.m. to 5:00 p.m. in your local time zone.Business needs may occasionally require flexibility in work hours including earlier later oradditionalhours with reasonable notice provided when possible.

Job Responsibilities

Application Security Design Standards & Patterns

• Define and document secure development standards and patterns for modern application architectures (web API microservices) with guidance grounded in industry best practices such as OWASP and informed by broader frameworks (i.e.NIST CIS Controls).

• Develop reusable patterns for common application scenarios such as secure APIs service-to-servicecommunicationand front-end/back-end architecture.

• Translate complex security risks into clear developer-focused guidance that can be easily adopted.

• Contribute to the creation of machine-consumable security patterns to support AI-enabled and automated development tools.

Secure Design Enablement

• Collaboratewith engineers and architects during design discussions toprovide guidance on secure application architecture and design decisions.

• Identifycommon security pitfalls early in the lifecycle.

• Provide guidance onsecure integration and data protection patterns. For example:
  - Input validation and output encoding
  - API security and authentication flows
  - Session management and token handling
  - Secrets management and secure configuration

• Promotesecure-by-design and secure-by-default principlesto enable efficient and secure development practices.

Identity & Access Management (Supporting Role)

• Support the integration of authentication and authorization patterns within applicationarchitecture.

• Ensure secure implementation of protocols such as OAuth 2.0 OIDC and SAML.

• Align application security practices with identity and access management identity governance and privileged access management solutions.

Cross-Functional Collaboration

• Partner with Digital IdentityServices Cybersecurity Engineering Product Security Testing and other teams to provide application security guidance and support risk mitigation.

• Collaborate withtheGovernance Risk and Compliance team to align application security practices with enterprise policies and regulatory requirements.

• Work with Cybersecurity Operations to enhance detection and response capabilities forapplication-levelthreats.

• Engage with Enterprise Architecture teams to influence secure design decisions.

• Support data protection initiatives by ensuringappropriate controlsfor sensitive data handling and exposure mitigationareutilized.

Risk Advisory

• Review vulnerability patterns and provide guidance on prioritization and remediation of application security risks.

• Serve as a trusted advisor to engineering and architecture teams offering practical and actionable security recommendations.

• Support standardization of application security risk management practices across teams.

Continuous Improvement and Innovation

• Stay current with emerging threats vulnerabilities and trends in application security.

• Evaluate and evolve security standards to support cloud native API first distributed and AI enabled applications.

• Contribute to the development of scalable consistent application security enablement practices across the organization.

Minimum Qualifications

• High school diploma with 12 or more years of experience in application security secure software development or cybersecurity engineering; or Associate degree with 10 or more years of experience; or Bachelors degree in Computer Science Information Security or Engineering with 8 or more years of experience; or Masters degree in Computer Science Information Security or Engineering with 6 or more years of experience.

• 8 or more years of experiencein application security secure software development or cybersecurity engineering with a focus onidentifyingand addressing application-layer risks.

• 5 or more years of experienceapplying secure coding principles and addressing application security risks using OWASP Top 10 or similar best practices with the ability to translate risks into actionable developer guidance.

• 3 or more years of experienceworking with enterprise security frameworks such as NIST CSF CIS Controls or ISO 27001 withdemonstratedability to align application security practices tothese or otherapplicableframeworks.

• 3 or more years of experiencein application or software development OR equivalent experience working closely with development teams withdemonstratedability to engage developers credibly on secure coding practices design and remediation strategies.

• 5 or more years of experiencedesigning or securing web applications APIs and microservices architectures including providing guidance on secure design decisions.

• 5 or more years of experienceidentifying analyzing and guiding remediation of common vulnerabilities such as injection XSS CSRF broken authentication and insecure deserialization.

• 3 or more years of experienceapplying secure design patterns in real-world systems with the ability to guide teams on secure-by-design and secure-by-default principles.

• 2 or more years of experiencesecuring cloud-native applications and APIs in AWS or Azure including advising on secure architecture and integration patterns.

• 2 or more years of experienceworking with authentication and authorization protocols such as OAuth 2.0 OIDC and SAML including advising onappropriate implementationwithin application architectures.

• 3 or more years of experienceoperatingin a consultative cross-functional roleprovidingactionable security guidance to engineering and architecture teams and influencing secure design decisions.

Preferred Qualifications

• 3 or more years of experiencedefining or contributing to secure development standards guidelines or reference architectures.

• 3 or more years of experienceintegrating security into the software development lifecycle (SDLC) includingDevSecOpspractices and collaboration with CI/CD pipelines and development workflows.

• 3 or more years of experienceworking with API security frameworks standards or tooling with the ability to guide teams on securing modern API-driven architectures.

• 2or more years of experienceapplying threat modeling methodologiestoidentifydesign-level risks and guide mitigation strategies with engineering and architecture teams.

• 2or more years of experienceworking with application security testing tools (SAST DAST SCA) including interpreting findings and helping development teams prioritize and remediate vulnerabilities effectively.

• 1 or more years of experienceenablingthesecuredesign of AI-enabled applications focusing on security controls and best practices including emerging risks and secure design patterns with the ability to guide engineering teams onsecureadoptionpractices.

Additional Job Standards

• Experience supporting security testing or assessment teams.

• Familiarity with identity and access management platforms such as Okta Microsoft Entra ID or SailPoint.

• Broad familiarity with cloud platformsecuritycapabilities and their integration into enterprise environments.

• Relevant certifications such as CSSLP GWAPT or CISSP.

• Strong analytical andproblemsolvingskills with a pragmatic approach to security solutions.

• Developerfocusedmindset with an understanding of modern application development practices.

• Ability to simplify complex technical concepts for diverse audiences.

• Strong collaboration skills across engineering security and architecture teams.

• Proven ability to deliver practical scalable and reusable solutions.

• High levelof professionalism adaptability and continuous learning mindset.

• Strong communicationskills with the ability to translate complex security concepts into practical guidance.

About the Role

The Cybersecurity Engineer Application Security Enablement plays a critical role in strengtheningLabcorpsapplication security posture by enabling secure design and development practices across engineering teams. This position combines deep technicalexpertisewith a consultative approach to guide teams in building secure scalable applications. The role supports enterprise security strategy by embedding security standards improving risk management practices andadvancing secure development capabilities including the adoption of emerging technologies such asAIenabledapplications.