Job Title: Application Security Engineering Lead
Location: Remote (Onshore - USA)
Employment Type: Contract
Experience Required: 7+ Years
Positions: 1
Position Overview
We are seeking an experienced Application Security Engineering Lead to drive the security strategy, architecture, and implementation of secure software development practices across enterprise applications. The ideal candidate will have deep expertise in application security, secure coding principles, vulnerability management, DevSecOps, and security automation using Python.
This role will work closely with software architects, development teams, DevOps engineers, cloud engineers, and security stakeholders to integrate security throughout the Software Development Life Cycle (SDLC). The successful candidate will lead application security initiatives, establish security standards, automate security processes, and ensure applications are resilient against evolving cyber threats.
Key Responsibilities
Application Security Leadership
- Lead the organization's Application Security (AppSec) program and establish secure software development standards.
- Define and implement secure coding guidelines, application security policies, and development best practices.
- Serve as the primary technical advisor for application security across enterprise projects.
- Promote a security-first culture by mentoring development teams on secure design and coding practices.
Secure Software Development
- Partner with development teams to integrate security into every phase of the SDLC.
- Conduct secure design and architecture reviews for web, mobile, cloud, and API-based applications.
- Review application code to identify security vulnerabilities and recommend remediation strategies.
- Ensure compliance with OWASP Top 10, CWE, SANS Top 25, and industry security standards.
Security Testing & Vulnerability Management
- Lead Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Interactive Application Security Testing (IAST) activities.
- Identify, prioritize, and remediate application vulnerabilities.
- Coordinate penetration testing and validate remediation efforts.
- Perform threat modeling and security risk assessments for new applications and services.
Security Automation
- Develop and maintain Python scripts to automate security assessments, reporting, vulnerability validation, and compliance checks.
- Automate security scanning and integrate security tools into CI/CD pipelines.
- Build custom security utilities to improve application security operations and developer productivity.
- Support Infrastructure as Code (IaC) security validation and cloud security automation.
DevSecOps & Cloud Security
- Integrate security controls into DevOps and CI/CD pipelines.
- Collaborate with cloud engineering teams to implement secure cloud-native application architectures.
- Secure REST APIs, microservices, containers, and Kubernetes deployments.
- Support identity management, authentication, authorization, and secrets management.
Governance & Compliance
- Ensure compliance with enterprise security policies and regulatory requirements.
- Develop security documentation, standards, and operational procedures.
- Track application security metrics, remediation timelines, and risk posture.
- Support internal and external security audits.
Required Qualifications
- Minimum 7+ years of experience in Application Security, Secure Software Development, or Cybersecurity Engineering.
- Advanced expertise in Application Security principles and practices.
- Strong experience implementing secure SDLC and DevSecOps methodologies.
- Advanced proficiency in Python scripting and security automation.
- Hands-on experience with SAST, DAST, SCA, and vulnerability management tools.
- Strong understanding of OWASP Top 10, CWE, CVSS, and secure coding standards.
- Experience securing RESTful APIs, web applications, microservices, and cloud-native applications.
- Experience with authentication and authorization technologies such as OAuth2, OpenID Connect, JWT, and SAML.
- Familiarity with container security, Kubernetes, Docker, and Infrastructure as Code.
- Excellent analytical, communication, leadership, and problem-solving skills.