Senior Application Security Engineer

Senior Application Security Engineer

Salary: Open + Bonus

Location: Chicago, IL or Coppell, TX

Hybrid: 3 days onsite, 2 days remote

*We are unable to provide sponsorship for this role*

Qualifications

• Bachelor's degree
• 5+ Years' experience in Application Security or Information Security environment.
• Strong proficiency application security and vulnerability management.
• Some proficiency with common penetration testing tools (Kali, Armitage, Metasploit, Cobalt Strike, Nmap, Qualys, Nessus, Burp Suite, Wireshark etc.)
• Experience writing scripts and working with containers in a CI/CD pipeline.
• Deep knowledge of common web, API and cloud vulnerabilities (eg OWASP Top 10, CWE, auth flaws etc.).
• Deep understanding of vulnerabilities, reachability, exploitability and how they affect applications.
• Familiarity with secure coding principles across multiple languages (python, Java, JavaScript etc.)
• Strong experience with custom Scripting (python, C++, PowerShell, bash, etc.) and process automation.
• Familiarity with Kubernetes security, container scanning and cloud infrastructure as code.
• Exposure to security architecture design through application development or knowledge of security concepts/best practices.

Responsibilities

• Build and optimize our security tooling stack, including SAST, DAST, SCA, and IaC.
• Implement DevSecOps principles and integrate tools into CI/CD pipelines and developer workflows.
• Define and improve secure SDLC processes - designing and implementing a developer friendly secure SDLC framework
• Automate security checks in CI/CD pipelines and developer tools to ensure continuous visibility and successful delivery.
• Build out process for threat modelling and secure design review process.
• Implement security for supply chain security, AI/ML application security, Open source etc.
• Review reports of the testing and conduct security risk assessments of the vulnerabilities.
• Conduct IT/Security code review meetings to eliminate false positives and encourage collaboration between Security and IT development teams.
• Assist with application security vulnerability management including implementation of new vulnerability management tools.