Job description

Application Security Engineer This is an Application Security Focused Engineer. Need's to have been involved in security for application front ends. Location : Acadia WI, Advance, NC, Seattle, WA, and Tampa. Onsite 5 days/week Role: Front End Developer/Cyber Security Engineer • Need support to build safer applications due to recent attacks (web app/mobile cx) • This individual will work closely with engineering & security teams to ensure a strategy moving forwards • App side & less infrastructure focused • OWASP Top 10 • Svelte • API (shared responsibility) Key Responsibilities: Frontend Development & Security Integration • Architect and develop secure frontend applications using modern frameworks (Svelte, React, Flutter, etc.) • Implement security-first design principles in web and mobile application development • Build and maintain security libraries, components, and frameworks for development teams • Design secure authentication and authorization flows (OAuth 2.0, SAML, JWT) • Implement Content Security Policy (CSP), CORS, and other browser security mechanisms Application Security Leadership • Conduct security code reviews and vulnerability assessments for frontend applications • Implement OWASP Top 10 mitigation strategies across all web properties • Design and implement secure API consumption patterns and data handling • Lead security testing initiatives including SAST, DAST, and penetration testing coordination • Develop secure coding standards and security guidelines for development teams Infrastructure Security & Performance • Configure and optimize CDN security settings (Fastly) • Implement and manage Web Application Firewall (WAF) rules and policies • Design DDoS protection strategies and rate limiting mechanisms • Optimize application performance while maintaining security standards • Monitor and respond to security incidents affecting frontend applications Security Tools & Monitoring • Implement security monitoring and alerting for frontend applications • Integrate security scanning tools into CI/CD pipelines • Configure and manage security headers and SSL/TLS implementations • Develop automated security testing and compliance validation • Create security dashboards and reporting mechanisms Team Leadership & Education • Mentor development teams on secure coding practices • Conduct security training and awareness sessions • Collaborate with DevSecOps, Security, and SRE teams on security initiatives • Lead incident response for application security events • Stay current with emerging security threats and mitigation techniques Required Qualifications: • Experience: 7+ years in frontend development with 4+ years focused on application security • Security Expertise: Deep understanding of OWASP Top 10, security vulnerabilities, and mitigation strategies • Frontend Technologies: Expert-level proficiency in JavaScript, TypeScript, HTML5, CSS3 • Frameworks: Strong experience with Svelte, or React with security considerations • Security Tools: Hands-on experience with SAST/DAST tools, vulnerability scanners, penetration testing • Web Security: Extensive knowledge of CSP, CORS, XSS prevention, CSRF protection, input validation • Infrastructure: Experience with CDN configuration, WAF management, and DNS security • Authentication: Implementation experience with OAuth, SAML, JWT, and multi-factor authentication • Compliance: Understanding of PCI DSS, GDPR, CCPA, and other relevant security standards • DevSecOps: Experience integrating security into CI/CD pipelines Preferred Qualifications: • Certifications: CISSP, CEH, OSCP, AWS Security Specialty, or equivalent security certifications • Cloud Security: Experience with AWS/Azure/GCP security services and configurations • Mobile Security: Understanding of mobile application security (iOS/Android) • API Security: Experience with GraphQL security, REST API protection, and microservices security • Threat Modeling: Experience with application threat modeling and risk assessment • Incident Response: Background in security incident response and forensics • E-commerce Security: Experience securing e-commerce platforms and payment processing • Zero Trust: Understanding of Zero Trust architecture principles Technical Skills: • Languages: JavaScript, TypeScript, Python (for security scripting) • Security Frameworks: OWASP ASVS, NIST Cybersecurity Framework • Security Tools: Burp Suite, OWASP ZAP, Nessus, Qualys, Checkmarx, Veracode • Monitoring: SIEM integration, security logging, threat detection • Infrastructure: Terraform, Docker, Kubernetes security configurations • Version Control: Git with security branch protection and code signing

Requirements