Application Security Engineer

As an Application Security Engineer at TQL, you'll help design, implement and maintain security controls across the software development lifecycle. You'll partner closely with engineering and product teams to ensure applications are secure by design, vulnerabilities are identified early and remediation efforts are driven without slowing development.

This role is ideal for someone passionate about secure coding, threat modeling and embedding security into modern CI/CD pipelines while enabling teams to move fast and safely., * Embed security practices throughout the software development lifecycle from design through deployment

• Perform application security testing including static, dynamic and dependency analysis
• Partner with engineering teams to triage, prioritize and remediate application vulnerabilities
• Conduct threat modeling and security architecture reviews for new and existing applications
• Develop and maintain secure coding standards and security guidelines
• Integrate application security tools into CI/CD pipelines
• Support incident response efforts related to application-level vulnerabilities
• Stay current on emerging threats, vulnerabilities and security best practices
• Provide security guidance, training and mentorship to developers

Where you'll be: 4289 Ivy Pointe Boulevard, Cincinnati, Ohio 45245

Employment visa sponsorship is unavailable for this position. Applicants requiring employment visa sponsorship now or in the future (e.g., F-1 STEM OPT, H-1B, TN, J1 etc.) will not be considered.

• 3+ years of experience in application security or software engineering
• A strong understanding of web application architectures and common vulnerabilities such as the OWASP Top 10
• Experience securing applications written in languages such as Java, C#, Python or JavaScript/TypeScript
• Hands-on experience with application security testing tools such as Snyk, Veracode, Checkmarx, Burp Suite or OWASP ZAP
• Strong understanding of authentication and authorization mechanisms including OAuth, OIDC, JWT and SAML
• Familiarity with cloud environments such as AWS, Azure or Google Cloud Platform
• Ability to clearly communicate security risks and remediation guidance to both technical and non-technical audiences
• Experience with DevSecOps practices is a plus
• Experience with container or Kubernetes security is a plus
• Security certifications such as OSCP or CEH are a plus

• Competitive compensation
• Opportunities to influence security practices across modern applications
• Exposure to cloud-native and DevSecOps environments
• Advancement opportunities with aggressive and structure career paths
• Comprehensive benefits package

• Health, dental and vision coverage
• 401(k) with company match
• Perks including employee discounts, financial wellness planning, tuition reimbursement and more

• Certified Great Place to Work and voted a 2019-2026 Computerworld Best Places to Work in IT

Total Quality Logistics (TQL) is one of the largest freight brokerage firms in the nation. TQL connects customers with truckload freight that needs to be moved with quality carriers who have the capacity to move it. As a company that operates 24/7/365, TQL manages work-life balance with sales support teams that assist with accounting, and after hours calls and specific needs. At TQL, the opportunities are endless which means that there is room for career advancement and the ability to write your own paycheck. What's your worth? Our open and transparent communication from management creates a successful work environment and custom career path for our employees. TQL is an industry-leader in the logistics industry with unlimited potential. Be a part of something big.