Job description

Our client, a fast-paced tech company at the forefront of innovation, is seeking an experienced Lead Application Security Engineer to join their robust cybersecurity division. This fully remote position offers the opportunity to drive secure software development practices across the organization and protect critical applications from evolving threats. You will be responsible for designing, implementing, and maintaining security controls throughout the software development lifecycle (SDLC), conducting code reviews, and leading security testing initiatives. This role requires a deep understanding of application security principles, threat modeling, and secure coding practices. Responsibilities: Develop and enforce secure coding standards and best practices across all development teams. Perform threat modeling and risk assessments for new and existing applications. Conduct security code reviews and penetration testing to identify vulnerabilities in web and mobile applications. Integrate security tools and processes into the CI/CD pipeline (e.g., SAST, DAST, SCA). Design, implement, and manage security controls for applications, APIs, and microservices. Respond to and investigate security incidents related to application vulnerabilities. Collaborate closely with development teams to remediate security findings and provide guidance on secure development techniques. Develop and maintain security documentation, playbooks, and training materials for developers. Stay abreast of emerging application security threats, vulnerabilities, and industry trends. Automate security testing and validation processes where possible. Advise on security architecture and design decisions for new projects. Mentor and guide junior application security engineers and development teams on security best practices. Qualifications: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent practical experience. Minimum of 6 years of experience in application security, software development, or a related cybersecurity role. Strong understanding of web application security principles (OWASP Top 10), cryptography, and secure development lifecycles (SDLC). Hands-on experience with security testing tools (e.g., Burp Suite, ZAP, Veracode, Checkmarx) and vulnerability scanners. Proficiency in at least one programming or scripting language (e.g., Python, Java, C#, JavaScript). Experience with cloud security principles (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a significant plus. Knowledge of threat modeling frameworks (e.g., STRIDE, DREAD). Relevant security certifications (e.g., CISSP, OSCP, CEH) are highly desirable. Excellent analytical, problem-solving, and communication skills. Ability to effectively collaborate with development teams and communicate technical security concepts clearly. Proven ability to work independently and lead initiatives in a remote setting. This role is based in Nashville, Tennessee, US , but is offered as a fully remote position, providing significant work-life flexibility.

Requirements