
Principal Application Security Engineer

Alliance of Professionals & Consultants, Inc.
Atlanta, GA, US
$180K-$195K a year
Permanent
Full-time

Job Title : Principal Application Security Engineer

Type : Direct Hire, FTE W2 (Visa Sponsorship isn't available)

Work Location : Hybrid opportunity in Atlanta, GA 30342 (3 days onsite a week : Tue / Wed / Thur)

We are looking for a talented and skilled Principal Application Security Engineer for our Atlanta client. This is a full-time, permanent position and the person will work onsite 3 days per week (Tues / Wed / Thurs).

The Principal Application Security Engineer performs a critical role in our client's roadmap to deliver the most secure, privacy-focused, and compliant customer-facing websites.

This person will report directly to the VP of Information Security, but will be embedded with the development team and collaborate effectively with various other teams within technology and product.

The Engineer will be responsible and accountable for creating programs and driving the performance of secure software development practices, including addressing vulnerabilities and software security defects, and documenting and managing software supply chain threats and risks.

The Engineer will have a chance to originate security programs, tasks, and methodologies as well.

Essential Job Responsibilities :

  • Independently ensure that identified software defects are properly triaged for false positives, correctly prioritized based on criticality, and mitigated.
  • Automate the discovery, profiling, and continuous security monitoring of code.
  • Responsible for integrating the security toolset into the CI / CD pipeline.
  • Responsible for managing the current application security toolset and advising management on improvements.
  • Accountable for managing our software supply chain by defining, documenting, and updating the program to include discovery and reporting of software bills of materials (SBOMs).
  • Accountable for inventorying, documenting, monitoring, and securing production APIs.
  • Accountable for conducting threat assessments, building threat models, and creating remediation plans based on the results of threat assessments.
  • Perform or facilitate the performance of security risk assessments.
  • Issue RFIs and engage web application penetration testers as needed and as required by policy.
  • Anticipate need, initiate, and guide discussions on security strategy and architecture changes.
  • Work with the privacy function to implement data protection requirements.
  • Responsible for managing vulnerabilities identified by independent researchers and vetting them for accuracy.
  • Independently assess the vulnerabilities against risk and criticality, then manage them alongside other security defects.
  • Define and develop the Application Security strategy and roadmap across people, process, and technology.
  • Create and perform necessary testing, scanning, and remediation of our internet-facing web applications.
  • Configure, troubleshoot, and manage Identity and Access Management for the development environment.
  • Ensure that development and production application assets in the cloud are configured to support security policies including those for data at rest and data in transit.
  • Where assigned, manage the relationship with the vendor, including contract review and negotiation, performing quarterly business reviews, and creating performance and other reporting metrics.
  • Design security compliance metrics that align with Application Security requirements and assist with driving enforcement.
  • Assist with triaging potential security incidents.

Required Experience :

  • 5 to 8+ years of experience securing consumer-facing web applications.
  • Enterprise web application software development experience.
  • 5 years of experience working with cloud-native solutions in Azure and in Azure DevOps.
  • Experience with conducting threat assessments, building threat models, and creating remediation plans based on the results of threat assessments.
  • Expertise with AppSec methods & tools including threat modeling, design patterns, SAST, DAST, bug bounty programs.
  • 5 years of experience developing security tools, such as source code scanners, database scanners, API testing tools, load tests, and general security scanners.
  • Strong experience in the development of tools and processes to drive DevOps / Application Security maturity by automating builds, regression testing, monitoring, and pushing releases across environments.
  • Microsoft Azure experience, including expertise in Azure virtual machines, storage accounts, network security groups, Azure DevOps, GitHub Actions.
  • Experience configuring, deploying, and monitoring applications in Microsoft Azure; equivalent experience in GCP or AWS cloud environments is a plus.
  • Experience developing continuous integration pipelines and building containers using Azure DevOps, GitHub, Google Cloud Run.
  • Experience with deployment of software applications to pre-production and production environments.
  • Experience with deployment orchestration using Docker Swarm.
  • Experience with Kubernetes or other orchestration products.
  • Experience using Python for automation.
  • Experience creating runbooks and documenting policies and procedures.
  • Experience with and understanding of the OWASP Top 10, CVSS, the MITRE ATT&CK framework, and the software development lifecycle (SDLC).
  • Experience with creating regular expressions, writing scripts in Python or Bash, and interacting with APIs.

Skills & Abilities :

  • Ability to work independently with minimal supervision, interact tactfully and confidently with IT, security, and business leaders.
  • Ability to identify existing or develop creative and innovative solutions to complex business issues.
  • Strong interpersonal and communication skills to work with a variety of roles in the organization and to influence without authority.
  • Strong project management skills.
  • Ability to problem-solve across multiple disciplines (technical, legal, business).
  • Clear, succinct, persuasive written and verbal communication.
  • Critical thinking skills, able to break down complex technical challenges into logical and actionable components.
  • Ability to communicate complex technical concepts to a variety of stakeholders, including the executive team, business leaders, and technical staff.
  • Ability to develop and maintain positive business relationships and foster an environment of mutual respect, understanding, trust, and support.
  • Excellent analytical and problem-solving skills.
  • Ability to balance risks in ambiguous and complex situations.
  • Highly motivated to contribute and grow within a complex area of emerging importance.

Compensation :

The base salary range for this role is $180,000 - $195,000 per year plus a bonus.

The disclosed pay range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled.

The compensation decisions are dependent on the facts and circumstances of each case, such as skills and experience levels.
