Sr Applications Security Engineer
Job description
The Senior Application Security Engineer will serve as a technical leader and owner of company application security capabilities. This role is responsible for implementing and operating secure software development practices across the enterprise, with a strong focus on static and dynamic code analysis, DevSecOps integration, AI-related code risk, and risk-based vulnerability management. We are looking for an experienced practitioner who can operate independently, take ownership of outcomes, and partner effectively with engineering, architecture, and risk teams to deliver practical, scalable security solutions.
The ideal candidate will live within driving distance of the Omaha, Nebraska office. This position allows remote flexibility but will have 1 day per week in the office.
If living in one of our approved states (Florida, Iowa, Kansas, Minnesota, Missouri, Nebraska, North Dakota, and Texas) - this person may travel to our headquarters based on business needs.
What you'll do:
- Own and operate application security tooling, including SAST, DAST, and software composition analysis, ensuring tools are tuned, effective, and aligned to business risk.
- Embed application security into CI/CD pipelines and development workflows to support shift-left security while minimizing developer friction.
- Perform secure code reviews and validate vulnerabilities for exploitability, impact, and remediation feasibility.
- Define and maintain secure coding standards, guidance, and reusable security patterns for development teams.
- Establish guardrails and review expectations for AI-assisted and AI-generated code, reducing unowned and unmanaged application risk.
- Partner with development teams to triage findings, reduce false positives, and drive effective remediation.
- Apply risk-based decision making aligned to organizational risk appetite and compliance frameworks (NIST, HIPAA, SOC 2).
- Support application threat modeling and identification of architectural security gaps.
- Collaborate with cloud, platform, and identity teams to ensure applications integrate securely with enterprise services.
- Contribute to audit readiness, evidence collection, and regulatory support related to application security controls.
- Reduce single points of failure by documenting processes, mentoring others, and improving program resiliency.
Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- 6 years of experience in application security, secure software development, or DevSecOps.
- Hands-on experience with SAST, DAST, and dependency scanning tools, including tuning and operational ownership.
- Strong understanding of application vulnerability classes (OWASP Top 10, APIs, authentication, authorization).
- Experience integrating security into CI/CD pipelines and development workflows.
- Proven ability to assess risk, prioritize remediation, and clearly communicate decisions.
- Comfort working independently, taking ownership, and driving outcomes with minimal oversight.
- Strong communication skills with the ability to work effectively with developers, architects, and leadership.
An equivalent combination of education and experience may be substituted for this requirement. The ability to meet or exceed the attendance and timeliness requirements of their departments. On-call work may be required based on business needs and role assignment. The ability to work well in a team environment and be capable of building and maintaining positive relationships with other staff, departments, and customers.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Other duties may be assigned.
The strongest candidates will also have:
- Experience in healthcare or other regulated industries.
- Familiarity with Azure PaaS and cloud-native application architectures.
- Exposure to AI-assisted development risks, automation, or modern code-generation tools.
- Threat modeling experience and security design review participation.
- Scripting or automation experience (Python, PowerShell, Bash).
- Relevant certifications (CSSLP, GWAPT, CISSP, or equivalent).