Senior Application Security Engineer
Salary: Open + Bonus
Location: Chicago, IL or Coppell, TX
Hybrid: 3 days onsite, 2 days remote
We are unable to provide sponsorship for this role
Qualifications
- Bachelor's degree
- 5+ years' experience in an Application Security or Information Security environment.
- Strong proficiency in application security and vulnerability management.
- Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark, etc.).
- Experience writing scripts and working with containers in a CI/CD pipeline.
- Deep knowledge of common web, API and cloud vulnerabilities (e.g., OWASP Top 10, CWE, auth flaws, etc.).
- Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications.
- Familiarity with secure coding principles across multiple languages (Python, Java, JavaScript, etc.).
- Strong experience with custom scripting (Python, C , PowerShell, bash, etc.) and process automation.
- Familiarity with Kubernetes security, container scanning and cloud infrastructure as code.
- Exposure to security architecture design through application development or knowledge of security concepts/best practices.
Responsibilities
- Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC.
- Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows.
- Define and improve secure SDLC processes, designing and implementing a developer-friendly secure SDLC framework.
- Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery.
- Build out processes for threat modelling and secure design review.
- Implement security for the software supply chain, AI/ML applications, open source, etc.
- Review testing reports and conduct security risk assessments of the vulnerabilities.
- Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams.
- Assist with application security vulnerability management including implementation of new vulnerability management tools.