Sr Engineer, Cybersecurity

What Youll Do:

• Design, build, and operatecloud-native AppSec automation platforms that reduce cyber risk and enable secure software delivery.
• Develop and maintain backend services, automation frameworks, and APIs usingJava/Spring, C#/.NET Core, Go, Python, and Shell scripting.
• Engineer and integrateautomated AppSec testing into CI/CD pipelines, including:
• Static Application Security Testing (SAST).
• Dynamic Application Security Testing (DAST).
• Software Composition Analysis (SCA).
• Secrets detection and remediation.
• Mobile Application Security Testing (MAST).
• Infrastructure-as-Code (IaC) security scanning.
• Build event-driven and data-driven automation to correlate findings, reduce false positives, and enable automated remediation.
• ApplyAI-enabled techniques (LLMs, embeddings, RAG, classification models) to:
• Improve vulnerability triage and prioritization.
• Enhance developer feedback and remediation guidance.
• Automate policy interpretation and exception handling.
• Conduct secure architecture and API design reviews, threat modeling, and risk assessments for cloud-native and microservices-based systems.
• Design scalable, highly available components with strong observability, resilience, and failure-handling characteristics.
• Integrate AppSec controls into AWS and Azure environments, including IAM, secrets management, encryption, and secure integration patterns.
• Deploy and operate services using containers, serverless components, Kubernetes, and managed cloud services.
• Contribute to CI/CD pipelines, infrastructure-as-code, and DevOps practices to support reliable, repeatable releases.
• Participate in design, code, and security reviews, ensuring secure-by-design and engineering best practices.
• Partner with engineering teams to identify, prioritize, and remediate application, API, secrets, and IaC vulnerabilities.
• Mentor engineers and promote secure development practices through documentation, tooling, and knowledge sharing.
• Recommend tools, patterns, and process improvements to advance AppSec automation maturity.
• Perform additional duties and projects as assigned.

What Youll Bring:

• 57+ years of professional software development and application security experience.
• Bachelors or Masters degree in Computer Science, Software Engineering, Information Management, or equivalent practical experience.
• Strong experience buildingenterprise-grade, cloud-native applications and APIs.
• Hands-on experience withapplication security across the SDLC, including secure design, code review, threat modeling, and vulnerability remediation.
• Proven experience implementing and scalingAppSec testing and automation, including:
• SAST, DAST, SCA, Secrets scanning.
• MAST for mobile applications.
• IaC security scanning and policy enforcement.
• Strong programming experience inone or more backend languages (Java, C#, Go)and automation languages (Python and Shell).
• Experience buildingevent-driven or workflow orchestration systems for security automation.
• Hands-on experience with AWS and/or Azure, including cloud-native security controls.
• Solid understanding of distributed systems, microservices, and secure integration patterns.
• Experience with CI/CD pipelines, DevOps practices, automated testing, Docker, and Kubernetes.
• Strong experience with relational and NoSQL databases, SQL, and data modeling.
• Working knowledge of secure coding practices, IAM, secrets management, encryption, and vulnerability remediation.
• Experience applying or integratingAI-driven automation within engineering or security platforms.

Must Have Skills:

• Core understanding of backend development using Java/Spring, C# / .NET Core, Go, Python
• Python and Shell scripting for security automation
• Experience building cloud-native, enterprise-grade applications
• Strong application and API security experience across the SDLC
• Hands-on experience with SAST, DAST, SCA, Secrets, MAST, and IaC security
• Experience integrating AppSec tooling into CI/CD pipelines
• Automation, workflow orchestration, or event-driven system design
• AWS and/or Azure experience
• Strong understanding of distributed systems and integration patterns
• CI/CD, DevOps, Docker, and Kubernetes experience
• APIs, relational/NoSQL databases, and SQL
• Secure coding, IAM, secrets management, and vulnerability remediation
• Automated testing (unit, integration, security)

Nice To Have:

• Experience buildingAI-powered AppSec automation or developer enablement tools
• Experience with SOAR platforms or security workflow orchestration
• Familiarity with observability, reliability, or SRE practices
• Infrastructure-as-code expertise (Terraform, ARM, Bicep)
• Experience securing RESTful and event-driven APIs (OAuth 2.0, mTLS, OWASP API Top 10)
• Experience mentoring engineers or building shared security frameworks