Lead Application Security Engineer

Job Description

SUMMARY: As an Application Security Engineer, it is your responsibility to ensure that the applications and software systems within your organization are secure and trustworthy. You will collaborate closely with software developers, DevOps teams, and other stakeholders to identify potential security weaknesses and implement measures to prevent them. Your role involves designing, deploying, and maintaining secure cloud applications that meet business requirements. This is an advanced position that requires you to deliver applications at scale with resilience to support business objectives. To succeed in this role, you must be proficient in managing multiple applications and data systems to maintain the required level of rigor to comply with business objectives. Additionally, you must plan and design policies and maintain them. You will work closely with security leadership to continuously assess the threat landscape and adapt quickly to safeguard the organization against risk.

ESSENTIAL FUNCTIONS:   Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.

• Conduct security testing, including code reviews, penetration testing, and vulnerability assessments to identify potential weaknesses in applications. You will use various tools and methodologies to detect and analyze security issues.
• Analyze application source code to identify security flaws, adherence to security best practices, and potential areas of improvement. You'll work with developers to help them understand and address security concerns in their code.
• Review the application architecture and design to ensure security considerations are adequately incorporated at every stage of development.
• Develop and maintain security tools, scripts, and automation to streamline security testing processes and integrate security into the development lifecycle.
• Protect business applications in compliance with privacy, security, business resiliency and compliance frameworks as defined in corporate policies.
• Attend regular technical project and implementation meetings and serve as the security consultant to help guide secure application and infrastructure configurations.
• Perform threat modeling exercises to identify potential security threats and risks in applications and provide recommendations to mitigate them.
• Manage remediation efforts after security assessment findings outline weaknesses requiring attention.
• Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Assist in the investigation and resolution of application security incidents. Collaborate with incident response teams to contain and mitigate security breaches.
• Assist with development, maintenance and utilization of scripts (e.g., Python, JavaScript, etc);
• Stay apprised of current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply learned knowledge across key lines of business, including products, practices and procedures.
• Integrate security into the software development life cycle by providing guidance and expertise throughout all phases of development.
• Attend and fully engage in change and project management meetings.

Supervisory Responsibilities: This position has no formal supervisory responsibilities.

MINIMUM REQUIRED QUALIFICATIONS:   

• Bachelor’s degree in Computer Science, Information Assurance, or a related field and
• 5+ years of experience in application security or software development with a focus on security OR
• Equivalent combination of education and experience

Certificates and Licenses: One or more including CISSP, CEH, OSCP, or CSSLP, AWS Certified Security - Specialty, Certified Application Security Engineer (CASE)

OTHER REQUIRED QUALIFICATIONS: 

• Strong knowledge of application security principles, secure coding practices, and common security vulnerabilities (e.g., OWASP Top 10).
• Experience with security testing tools, such as SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) tools.
• Proficiency in secure coding practices and familiarity with common vulnerabilities (e.g., OWASP Top 10, CVEs).
• Strong understanding of application layer security concepts, including authentication, authorization, encryption, and API security.
• Experience with integrating security tools into CI/CD pipelines.
• Excellent communication and collaboration skills to work effectively with cross-functional teams.
• Experience and understanding of various regulatory requirements and laws, including but not limited to: Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following: ISO 27001/2, ITIL or NIST
• Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines. Strong analytical and problem-solving skills, with the ability to assess risks and provide mitigation strategies.
• Familiarity with agile development processes and cloud-native application security.
• Hands-on experience with threat modeling, penetration testing, and vulnerability management.
• Ability to travel 2% of the time.
• Ability to clear required background check.  

WORK ENVIRONMENT:  The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

This position is virtual and open to residents of the 50 states and Washington, D.C.

Compensation & Benefits: Stride, Inc. considers a person’s education, experience, and qualifications, as well as the position’s work location, expected quality and quantity of work, required travel (if any), external market and internal value when determining a new employee’s salary level.  Salaries will differ based on these factors, the position’s level and expected contribution, and the employee’s benefits elections.  Offers will typically be in the bottom half of the range.

• We anticipate the salary range to be $81,045.75- $201,088.80. The upper end of this range is not likely to be offered, as an individual’s compensation can vary based on several factors. These factors include, but are not limited to, geographic location, experience, training, education, and local market conditions. Eligible employees may receive a bonus. Stride offers a robust benefits package for eligible employees that can include health benefits, retirement contributions, and paid time off.

The above job is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor.  All employment is “at-will” as governed by the law of the state where the employee works.  It is further understood that the “at-will” nature of employment is one aspect of employment that cannot be changed except in writing and signed by an authorized officer. 

Job Type

Regular

The above job is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor. All employment is “at-will” as governed by the law of the state where the employee works.  It is further understood that the “at-will” nature of employment is one aspect of employment that cannot be changed except in writing and signed by an authorized officer.

Stride, Inc. is a Federal Contractor, an Equal Opportunity/Affirmative Action Employer and a Drug-Free Workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected Veteran status age, or genetics, or any other characteristic protected by law.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)