Sr. Engineer, Cybersecurity (Application Security)
Summary:
Are you a seasoned Senior Application Security Engineer who gets excited by the challenge of securing complex systems against emerging threats? Do you love diving deep into code to find vulnerabilities and crafting solutions that strengthen application defenses? If so, we are looking for you!
As a Senior Application Security Engineer, you will play a pivotal role in designing and implementing security controls to protect our applications. Leveraging your extensive hands-on experience with secure coding practices and application security tools, you will develop and enforce policies, procedures, and controls that protect our software from ever-evolving cyber threats. Working closely with cross-functional teams, you will ensure our applications meet the highest standards of security and compliance while fostering a culture of secure software development.
In this role, you will tackle exciting challenges that push you to stay ahead of the curve in application security. You will have access to the latest tools and technologies and the opportunity to make a tangible impact on the security posture of our software systems. If you are passionate about application security and love solving complex technical problems, we want to hear from you! Join us and be a key part of shaping the future of secure software at National Life Group.
Key Responsibilities:
- Collaborate with IT leadership to align and support the execution of the Application Security program’s vision, strategy, and governance, ensuring it meets organizational objectives.
- Collaborate with IT teams to enhance the software security program by defining, documenting, and communicating security requirements within the SDLC. This may include integrating Software Composition Analysis (SCA), generating Software Bill of Materials (SBOM), and implementing comprehensive dependency management, ensuring alignment with industry best practices.
- Work with stakeholders to automate continuous security assessments (web and mobile applications), manage tool implementation, identify critical vulnerabilities, and ensure a streamlined remediation process, minimizing security risk in the development lifecycle.
- Enhance security reporting capabilities by developing metrics-driven dashboards and reports that communicate current risk exposures to leadership and highlight security improvements, including prioritized remediation and trend analysis.
- Conduct detailed software, security code, design, and architecture reviews to assess risks, enforce secure coding standards, influence architectural decisions, and ensure potential security issues are identified and addressed prior to production deployments.
- Lead threat modeling and security risk analysis across client-side and server-side applications. Provide actionable insights to development teams and security leadership, supporting a risk-based decision-making process.
- Collaborate with IT leadership and vendor partners to define and deliver application security training and awareness programs, tailored to development teams, focused on secure coding practices, and reducing vulnerabilities in production.
- Oversee the governance of application security exceptions, ensuring all requests for deviations from security policies are evaluated based on a thorough risk assessment and documented with appropriate approvals.
- Maintain up-to-date knowledge of emerging security threats, vulnerabilities, and best practices, and proactively adjust the organization’s security posture to mitigate risks. This includes evaluating new security tools, practices, and frameworks for adoption where appropriate.
- Promote a culture of security by collaborating with security and IT teams, advocating for secure-by-design principles, and developing reusable security code components that can be integrated into projects where applicable.
Job Requirements:
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- A minimum of 5 years of experience in software development and/or software design, with hands-on coding experience in .NET, C#, Java, JavaScript and/or Python.
- A minimum of 3 years of progressive experience in application security, with a demonstrated history of leading secure coding practices.
- CISSP or CSSLP certification preferred.
- Experience in designing and implementing security solutions for cloud-based technologies and APIs.
- Demonstrated ability to translate vulnerability assessments and reports into prioritized, actionable tasks for development teams, ensuring that remediation efforts are aligned with risk assessments to address the most critical issues first.
- Extensive experience with security assessment tools such as SAST, DAST, SCA, and fuzz testing, paired with a deep awareness of their strengths and limitations.
- Thorough knowledge of OWASP Top 10, CWE Top 25, and data protection standards.
- Strong analytical and problem-solving skills, with the ability to react quickly and effectively to production issues.
- Excellent communication and presentation skills, with the ability to convey complex ideas in a clear and collaborative manner.
- Proven ability to manage multiple priorities in a dynamic, fast-paced environment, effectively navigating ambiguity while consistently meeting deadlines.
- Demonstrated leadership skills, with a passion for mentoring, coaching, and developing teams.
- Strong relationship-building skills, with the ability to engage stakeholders at all levels, including senior leadership.
- A proactive, self-motivated attitude with a clear passion for cybersecurity and servant leadership values.