Hiring For Lead Application Security Engineer @ Scotttsdale, AZ

GTN LLC
Scottsdale, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 200K

Job location

Remote
Scottsdale, United States of America

Tech stack

Java
JavaScript
Spring Security
Agile Methodologies
Artificial Intelligence
Amazon Web Services (AWS)
Application Portfolio Management
JIRA
Burp Suite
CSS
Computer Security
Data Validation
Drupal
JUnit
Maven
OAuth
Open Web Application Security
Software Maintenance
Mockito
Fortify (Software)
Secure Coding
Software Engineering
SQL Databases
Systems Integration
TypeScript
Software Vulnerability Management
Google Cloud Platform
Enterprise Software Applications
GitHub Copilot
Spring-boot
Software Security
Veracode
GIT
GWAPT
Angular
Information Technology
Rancher
Checkmarx
REST
Static Application Security Testing
Vulnerability Analysis
Microservices
Dynamic Application Security Testing

Job description

We are seeking a Lead Application Security Engineer to drive secure software development practices while providing hands-on technical leadership across our application portfolio. This role combines deep expertise in Application Security with strong Software Engineering leadership, ensuring that security is embedded throughout the software development lifecycle.

The ideal candidate is a highly skilled engineer who can assess and remediate application vulnerabilities, establish secure coding standards, influence architectural decisions, and actively contribute to the design and development of modern applications built on Java, Spring Boot, Angular, and Microservices. This individual will serve as a trusted advisor to both engineering teams and leadership, championing solutions that balance security, performance, scalability, and business objectives., * Lead application security assessments, vulnerability management, and remediation efforts across enterprise applications.

  • Perform and interpret SAST, DAST, and SCA scans using tools such as Veracode, Checkmarx, Fortify, or equivalent platforms.
  • Identify, prioritize, and drive remediation of security vulnerabilities, providing guidance on secure coding practices.
  • Design and implement security controls for REST APIs, including authentication, authorization, input validation, and data protection.
  • Develop security standards, policies, and best practices aligned with OWASP and industry frameworks.
  • Produce risk assessments, vulnerability reports, and executive-level security metrics.
  • Participate in architecture and design reviews to proactively identify and mitigate security risks.
  • Evaluate AI-generated code and leverage AI-assisted security tools to improve security operations and developer productivity.
  • Support compliance, audit, and regulatory security requirements.

Engineering Leadership

  • Provide technical leadership for application design, development, and delivery.
  • Serve as a hands-on contributor, developing and reviewing code across Java, Spring Boot, Angular, and Microservices architectures.
  • Establish engineering standards that promote high-quality, secure, and maintainable software.
  • Guide architecture decisions, system integrations, and application modernization initiatives.
  • Collaborate with stakeholders to translate business requirements into scalable technical solutions.
  • Mentor and coach development teams on secure coding, software design, and engineering best practices.
  • Drive continuous improvement in application quality, performance, reliability, and security.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent experience).
  • 5+ years of Application Security experience, including vulnerability assessment and remediation.
  • 7+ years of Software Development experience with Java and Angular/AngularJS technologies.
  • 3+ years of Technical Leadership or Lead Engineering experience.
  • Strong expertise in Java, Spring Boot, Spring Security, REST APIs, Microservices, JavaScript, TypeScript, Angular, HTML/CSS, SQL, Git, Maven, JUnit, and Mockito.
  • Hands-on experience with application security tools and methodologies, including SAST, DAST, and SCA.
  • Deep understanding of OWASP Top 10, secure SDLC practices, and API security.
  • Experience securing applications using OAuth2, JWT, and modern authentication frameworks.
  • Strong communication, problem-solving, and stakeholder management skills., * Experience with GitHub Copilot, AI-assisted security tools, AWS, GCP, Rancher, Jira, Drupal, Burp Suite, Checkmarx, or Fortify.
  • Security certifications such as CSSLP, GWAPT, CEH, or equivalent.
  • Experience in Agile development environments and enterprise-scale application delivery.

Benefits & conditions

$180,000 - $200,000 a year - Permanent, Full-time, Pulled from the full job description

  • 401(k)
  • Health insurance
  • 401(k) matching
  • Vision insurance
  • Dental insurance
  • Life insurance
  • Employee assistance program, * 401(k)
  • 401(k) matching
  • Dental insurance
  • Employee assistance program
  • Health insurance
  • Life insurance
  • Vision insurance

Apply for this position