Application Security Engineer - Lead Information Security Engineer

Wells Fargo & Company - Institutional Retirement & Trust business

Charlotte, NC
Full Time
Senior
111k-217k
about 17 hours ago

Job Description

About the Role

This role is part of the application security engineering team responsible for scanning code in line with Wells Fargo's established guidelines, secure development policies, and procedures. The position focuses heavily on building and enhancing Software Composition Analysis (SCA) practices, supporting software developers across Wells Fargo CIO teams to develop faster and more securely, fine-tuning tools, and leveraging AI to improve processes and services for an optimal developer experience.

Key Responsibilities

  • Manage security automation tools with a main focus on SCA (i.e., Checkmarx One, BlackDuck) and other tools in the ecosystem, and support operational management through regularly scheduled upgrades of the tools.
  • Interface with various internal teams such as ServiceNow AVR, DevOps, and the vulnerability operations team to ensure SCA vulnerabilities are identified and recorded per the application security policies and guidance.
  • Collaborate with security architecture teams to design vulnerability management workflows, establish best practices, and provide design guidance to optimize developer experience.
  • Conduct security training and outreach for internal development teams as needed.
  • Perform adversarial security analysis on various application security requirements, and research and recommend cutting-edge tools and industry best practices.
  • Work with application security governance teams and risk & compliance partners on audits (e.g., SOC 2, PCI-DSS) and recommend relevant policies.
  • Collaborate with CTO pipeline teams to improve code quality and vulnerability detection on open source, code signing, and SBOM creation.
  • Analyze, enhance, architect, and support container security tools and platforms.
  • Design and build advanced security solutions to strengthen open source software supply chains for effective automation and management.

Requirements

  • 5+ years of Information Security Engineering experience, or equivalent demonstrated through work experience, training, military experience, or education.
  • 5+ years of experience as an Application Security and DevSecOps engineer, collaborating with developers to adopt and mature secure development practices.
  • 3+ years of experience in programming languages such as .NET, C#, Java, Rust, or C++.

Nice to Have

  • Ability to write automation scripts in Python and PowerShell to support internal projects.
  • Experience with CI/CD pipelines and related technologies (e.g., GitHub, Jenkins, Maven, Artifactory, Harness, Xray, Curation).
  • Good understanding of the Secure Software Development Lifecycle.
  • Strong knowledge of OWASP Top 10 or CWE.
  • Experience with AI tools supporting false-positive reduction, auto code remediation, and open-source threat intelligence.
  • Experience with Jira/Confluence.
  • Strong problem-solving and analytical skills.
  • Certification in information security (CISSP, CISM, CEH, etc.).
  • Experience with container security technologies like k8s and OpenShift.
  • Experience generating SBOMs using CycloneDX or SPDX, and managing or utilizing Dependency-Track.

Qualifications

  • Educational background or certifications in information security or related fields.

Benefits & Perks

  • Health benefits
  • 401(k) Plan
  • Paid time off
  • Disability benefits
  • Life insurance, critical illness insurance, and accident insurance
  • Parental leave
  • Critical caregiving leave
  • Discounts and savings
  • Commuter benefits
  • Tuition reimbursement
  • Scholarships for dependent children
  • Adoption reimbursement

Working at Wells Fargo & Company - Institutional Retirement & Trust business

Wells Fargo values building strong customer relationships while maintaining a strong risk-mitigating and compliance-driven culture. Employees are accountable for executing risk programs, following policies, and making sound risk decisions. The company emphasizes proactive monitoring, governance, risk identification, escalation, and adherence to risk and compliance requirements.

Job Details

Posted At: Jun 22, 2025
Job Category: QA Engineering
Salary: 111k-217k
Job Type: Full Time
Work Mode: Hybrid
Experience: Senior

About Wells Fargo & Company - Institutional Retirement & Trust business

Website

wellsfargo.com

Company Size

5001-10000 employees

Location

Charlotte, NC

Industry

Commercial Banking