Software and Application Security Engineer

๐ŸŒ Remote, USA ๐ŸŽฏ Full-time ๐Ÿ• Posted Recently

Job Description

We are seeking a Sr Software Engineer to join our progressive information technology Software and Platform Engineering optimization team to help us mature our software security practice. This highly skilled and experienced Application Security Engineer/Specialist will bring hands-on expertise in analyzing risk from vulnerabilities and assessing their impact on custom applications and open-source libraries. The ideal candidate will have a deep understanding of open-source vulnerability remediation, along with practical experience in remediation for Java and JavaScript software. The candidate should also understand risk mitigation techniques to ensure the security of software applications. Essential Duties and Responsibilities: ยท Set up and operate software security testing techniques in conformity with the technical reference architecture and the companies security policies and guidelines ยท Conduct in-depth analysis of open-source threats and vulnerabilities (including zero-day), collaborate with engineering teams to evaluate and assess the impact of vulnerabilities on current code, including libraries, frameworks, and dependencies. ยท Identify and prioritize high-risk open-source components within our codebase, considering factors such as exploitability, severity, and exposure. ยท Develop and implement remediation and risk mitigation plans to address identified vulnerabilities ยท Coaching and hands on experience for code refactoring, patching, and dependency updates. ยท Identify and recommend engineering design changes to help reduce vulnerabilities. ยท Champion and evangelize secure coding practices with the engineering community. ยท Develop and lead security reviews and drive innovative security remediation efforts. ยท Provide technical designs for innovative software solutions to address security risks. ยท Coaching and assisting in administration and configuring of security tools, documenting secure configurations. ยท Serve as an Application security consultant and advisor for software engineering teams in assisting with secure coding best practices, threat detection, Software security vulnerabilities, security reviews, remediation recommendations throughout the delivery lifecycle. ยท Building relationships and developing partnerships with engineering/development, security operations, enterprise and application architecture teams to mature Security Coding practices for the company owned applications and platforms. ยท Stay informed about emerging threats and vulnerabilities in the open-source community, understanding impact of attacks, controls and mitigation measures in the application security space. ยท Communicate project related security risks, control and remediation measures accurately and in a timely manner to stakeholders and impacted teams. ยท Integrate and adhere with the defined development and delivery process/ Change Management, SLA Compliance, productivity and other enterprise goals. ยท Serve as a thought leader, change agent and influencer within the enterprise providing feedback to leadership, engineering, architecture and security operation team members. Desired Competencies: ยท Strong spoken and written communication skills ยท Analytical and Problem-solving mindset ยท Developer background with experience in all types of application security testing specific to Software composition Analysis. ยท Good understanding of web application security, static security testing, cloud security, container security - tools, scan, triage, risk evaluation and remediation. ยท Thorough understanding and experience in identifying and mitigating application vulnerabilities publicized by OWASP, WASC, CWE, CVE etc. ยท Strong knowledge on industry best practices, code review and analysis ยท Proficient with source code security review and remediation. ยท Experience working with application development teams, architecture teams, security teams, and infrastructure teams. ยท Has advised and guided teams with secure coding practices and design best practices for security risk recommendation and remediation. ยท Thorough familiarity with different industry standard tools for code repository management, code quality, DevOps, containers, and AWS cloud services. ยท Hands on experience with tools such as Sonatype, Qualys, SonarQube, and AWS Inspector. ยท Proficient with the following languages: JavaScript, Java, and Python ยท Working knowledge of GitHub, AWS ECS/EKS, AWS Lambda, Docker, Terraform. Essential Soft Skills ยท Interested in learning and applying new technologies and concepts while staying up to date with technology tools and trends in the industry. ยท Possess a positive, can-do attitude and enjoys making a difference in the business through technical contributions ยท Ability to think creatively, stimulate new ideas and challenge existing thinking. ยท Excellent communication skills and ability to articulate technology topics to both technical and non-technical audiences ยท Mortgage Industry Experience would be a plus Educational Requirements: ยท Position requires a bachelorโ€™s degree in computer science or computer engineering with AWS certifications and security certifications and/or equivalent experience. ? High-Level Role Summary ยท Title: Sr. Software Engineer / Application Security Specialist ยท Core Purpose: Act as a bridge between development and security teams, ensuring secure coding practices and improving the organizationโ€™s application and cloud security posture. ยท Focus: Hands-on vulnerability analysis, remediation strategies, and security architecture guidance for Java/JavaScript applications and cloud environments (AWS). ? Ideal Candidate Profile ยท Background: Started as a software engineer (Java preferred), transitioned into application security. ยท Hybrid Skillset: Strong in secure coding principles + security frameworks + cloud security. ยท Communication: Able to translate technical security risks into developer-friendly guidance and influence both engineering and security teams. ยท Leadership: Experience leading small teams (2โ€“3 people) and driving security initiatives. ยท Tools & Practices: o SonarQube / Sonatype for code vulnerability scanning o Familiar with DevOps/DevSecOps practices o AWS security architecture and certifications o DAST/SaaS tools, running POCs, evaluating vendors ยท Responsibilities: o Draw flowcharts, architecture diagrams, incident response strategies, and security roadmaps o Evaluate and improve security posture maturity o Work closely with CISO and security team to align development with enterprise security goals o No penetration testingโ€”focus is on code-level security and posture improvement ยท Bonus: Experience with AI security ? Key Deliverables ยท Implement and manage secure coding practices across development teams ยท Conduct code vulnerability analysis and remediation (Java/JavaScript focus) ยท Create roadmaps and dashboards for security posture improvement ยท Lead POCs for security tools and recommend best-fit solutions ยท Collaborate with CISO and security leadership on cloud and application security strategy ? Interview Focus ยท Past experience bridging development and security ยท Hands-on remediation examples and artifacts (flowcharts, architecture diagrams, dashboards) ยท Case studies on security posture improvement ยท Knowledge of AWS security, DevSecOps, and vulnerability management tools Job Type: Contract Pay: $53.40 - $64.31 per hour Application Question(s): โ€ข Do you have JavaScript experience ? โ€ข Do you have working experience in OWASP, WASC, CWE, CVE ? โ€ข Do you have experience in GitHub, AWS ECS/EKS, AWS Lambda, Docker, Terraform? โ€ข are you okay to work on W2 ? โ€ข Can i know your pay rate expectation on W2 ? Work Location: Remote Apply tot his job

Ready to Apply?

Don't miss out on this amazing opportunity!

๐Ÿš€ Apply Now

Similar Jobs

Recent Jobs

You May Also Like