Cox Automotive

Senior Application Security Engineer

Cox Automotive, Ellenwood, Georgia, United States, 30294

Join our dynamic team as a Senior Application Security Engineer, where you'll play a pivotal role in partnering with Security Engineering Enablement and Security Architecture to design and deliver secure software. You will engage in secure code reviews and help define essential requirements for pre-release security validations including SAST, DAST, SCA, API security, and Container/IaC scans. As a key player in our Center of Excellence (COE) for Application Security, Web Application Firewalls, and Cloud Security, you'll provide expert advice and guidance to teams, supporting established standards and policies through initiatives like Office Hours, Brown Bags, and consultation sessions.

Primary Responsibilities:
- Operate and enhance our Application Security and Cloud Security tools, managing aspects like user onboarding, policy configurations, and integrations.
- Triage vulnerabilities from various sources (SAST, DAST, SCA, API, IaC, CSPM) and manage false positive reviews with robust audit trails.
- Collaborate with Cloud Platform teams to strengthen AWS, Azure, and GCP environments using CSPM controls and best practices for secure serverless and container solutions.
- Support the administration and maintenance of the AppSec/CloudSec/WAF tools, ensuring optimal performance and reliability.
- Continuously assess and evaluate security tools to ensure alignment with our evolving needs.
- Serve as the first point of contact for Responsible Disclosure submissions, reproducing issues, assessing severity, and coordinating remediation efforts.
- Maintain clear communication with Responsible Disclosure reporters and internal stakeholders while ensuring compliance through accurate record-keeping.
- Utilize scripting and automation (preferably Python, along with PowerShell, Bash) for operational efficiencies and to minimize manual efforts.
- Be a stakeholder in designing Secure Pipelines in collaboration with the Security Engineering Enablement team.

Minimum Qualifications:
- Bachelor's degree in a related field and 6 years of related experience, or equivalent combinations of education and experience.
- At least 2 years of experience in Application/Product security or software engineering with a strong security emphasis.
- Hands-on experience with modern SDLC/DevSecOps in cloud-native environments including microservices, APIs, and containers.
- Proficient in operating and tuning security tools such as SAST, DAST, SCA, API testing, and IaC scanners.
- Skilled in scripting/automation and REST API integrations.
- In-depth knowledge of OWASP Top 10 and common web/API vulnerabilities with a focus on secure design patterns.
- Experience in managing responsible disclosure or bug bounty program reports.
- Excellent communication skills with a proven ability to simplify complex risks for diverse audiences.
- Familiarity with software supply chain security and runtime protection methods.
- Strong grasp of cloud architecture and security best practices.
- Collaborate effectively with AI systems for software development and deployment.
- Implement AI-driven features and engage in prompt engineering experimentation, sharing insights on tool usage.
- Define coding standards and ethical guidelines for AI use within development practices.
- Mentor colleagues and guide junior team members regarding AI-enhanced development techniques.
- Applicants must currently be authorized to work in the United States for any employer without sponsorship.

Preferred Skills:
- Experience in WAF engineering and related security policy design.
- Relevant certifications (CISSP, CSSLP, GWAPT, GCSA, GCP/AWS/Azure security) are beneficial.
- Familiarity with API security and proactive threat response mechanisms is a plus.

The position is located at [insert precise work address here].

Compensation: Compensation includes a base salary ranging from $119,600 to $199,400, influenced by various factors such as location and individual qualifications.
Additional compensation opportunities may include an incentive program.

Benefits: Our company offers flexible vacation policies, seven paid holidays, up to 160 hours of paid wellness annually, and additional paid time off for various life circumstances including bereavement, voting, jury duty, volunteering, military service, and parental leave.