Staff Application Security Engineer
Role details
Job location
Tech stack
Job description
The Security Engineer plays a critical role in strengthening the security of Epsilon's software applications by embedding security into the development lifecycle and advancing AI-enabled engineering practices. You will provide strategic oversight on secure coding, drive effective use of application security platforms, and leverage AI to scale security outcomes, accelerate delivery, and improve code quality across Product and Engineering teams. Rather than executing testing directly, you will guide teams in interpreting results, prioritizing remediation, and using AI responsibly, validating outputs and aligning them to Epsilon's security standards.
Success in this role requires more than technical expertise. You will be a visible, confident security advocate who clearly articulates risk, provides actionable recommendations, and influences outcomes. Through strong relationships and effective communication, you will make security understood, adopted, and sustained, not just enforced, while positioning AI as a force multiplier for both engineering productivity and product security maturity.
What you'll Achieve
In this role, you will measurably improve the security posture of Epsilon's software applications by driving consistent, risk-based application security practices across teams and leveraging AI to scale and enhance security outcomes. Through oversight, guidance, and clear recommendations, you will help reduce vulnerabilities, align practices with security policies, and evolve how application security is understood and applied across the organization. By incorporating AI-assisted approaches into engineering workflows, you will help teams accelerate remediation, strengthen code quality, and embed security earlier in the development lifecycle.
You will empower development teams through education, coaching, and ongoing engagement, helping them understand not only what security actions are required, but why they matter and how to make informed decisions. By continuously evolving application security platforms, integrating AI-driven capabilities, and building trusted, influential partnerships with engineering teams, you will help establish a proactive, security-first development culture that prioritizes resilience, integrity, and long-term sustainability of Epsilon's applications.
What You'll Do
- Provide oversight and strategic direction for Epsilon's application security platforms, ensuring they are effectively configured, adopted, and used by Product and Engineering teams (Veracode, SonarQube, Wiz experience is a plus).
- Guide and review the analysis of application security findings, working with embedded Security Champions and engineering teams to interpret results, prioritize risk, and recommend remediation strategies.
- Partner closely with Product, Engineering, and embedded Security Champions to ensure application security expectations are understood, consistently applied, and aligned with Epsilon's security policies and standards.
- Integrate AI into Application Security to Enable Secure-by-Design Engineering Drive the adoption of AI-enabled development practices that embed application security directly into the software development lifecycle. Guide teams in using AI tools to generate, review, and remediate code securely, ensuring outputs are governed, validated, and aligned with enterprise security standards. Expand application security beyond traditional tooling by positioning AI as a scalable mechanism to improve security coverage, consistency, and engineering productivity.
- Serve as a trusted advisor to engineering teams by providing clear guidance, risk context, and actionable recommendations-translating complex security risks and requirements into practical, business-relevant decisions rather than executing security testing directly.
- Communicate with confidence and clarity across technical and non-technical audiences, effectively influencing outcomes by articulating security risks, tradeoffs, and recommendations in a way that drives understanding and action.
- Produce and deliver monthly KPI-based reporting that highlights trends, risk posture, adoption metrics, and actionable insights for both technical stakeholders and executive leadership.
- Educate, coach, and enable development teams and embedded Security Champions on secure coding expectations, application security platforms, and Epsilon security policies.
- Drive the onboarding of new teams and applications into application security platforms, ensuring consistent implementation, accountability, and long-term adoption.
- Build and maintain strong, trust-based relationships across Product, Engineering, and Security to influence outcomes, reinforce shared ownership, and continuously mature application security practices.
Requirements
-
Ability to Influence and Collaborate You have the interpersonal strength to engage teams, challenge assumptions constructively, and build credibility as a trusted security partner rather than a blocker.
-
Analytical and Problem-Solving Skills You possess strong analytical skills and a structured approach to problem-solving, enabling you to effectively assess vulnerabilities and recommend practical, risk-based solutions.
-
Organizational Discipline You bring a personal framework for consistency, accuracy, and repeatable deliverables, ensuring dependable execution and clear outcomes.
-
Educational Background A bachelor's or master's degree in computer science or related field & at least 5 years of hands-on experience in application security or cybersecurity provides a solid foundation for understanding modern security challenges.
-
App Sec Experience Experience with application testing (e.g., SAST, DAST, MAST, RAST, IAST). Direct experience in application vulnerability management processes. Strong understanding of threat modeling.
-
Technology Proficiency Proficiency with Microsoft Office tools (Outlook, Excel, Word, PowerPoint) supports clear documentation, reporting, and executive-ready communication.
-
Effective Use of AI to Enhance Engineering Productivity You leverage AI-assisted tools and workflows to accelerate development, improve code quality, and embed security into the engineering lifecycle. You understand how to guide AI outputs, validate results, and apply them responsibly, enabling teams to scale secure development practices, reduce manual effort, and deliver solutions more efficiently.
-
Scripting and Infrastructure Experience Strong knowledge of Bash scripting and tools such as Ansible and Terraform demonstrates your ability to automate and manage security at scale in cloud-based environments.
-
Developer Mindset Prior experience as a software developer and familiarity with cybersecurity concepts allow you to communicate effectively with engineering teams and deliver practical, developer-friendly security guidance.