Senior Application Security Engineer

Job Description:

Job Title: Developer Security Operations Engineer

Department: Information Security
Reports To: Director of Cybersecurity Engineering
Location: Salt Lake City, UT | Louisville, KY | Remote

Authorized: Must be authorized to work in the U.S. (e.g., no H1B sponsorship requirements)

Position Summary:

We are seeking a skilled Developer Security Operations Engineer to join our security team and help integrate security best practices throughout the software development lifecycle (SDLC). This role focuses on embedding security into development processes, managing secure coding standards, and collaborating with engineering teams to ensure applications are resilient against threats. The ideal candidate will have 3–5 years of application security experience and a strong understanding of SDLC management.

Key Responsibilities:

• Secure Development Integration

• • Partner with development teams to integrate security controls into the SDLC.

  • Review and enhance secure coding practices and guidelines.

  • Conduct code reviews and provide remediation guidance for vulnerabilities.

• Application Security Management

• • Implement and maintain application security tools (e.g., SAST, DAST, dependency scanning).

  • Monitor and manage vulnerabilities across applications and development pipelines.

  • Collaborate with DevOps teams to ensure secure CI/CD practices.

• Security Operations Support

• • Assist in incident response related to application vulnerabilities.

  • Develop and maintain security playbooks for application-related incidents.

  • Provide technical expertise during security assessments and audits.

• Collaboration & Training

• • Educate developers on secure coding principles and threat modeling.

  • Work closely with product and engineering teams to align security requirements with business goals.

  • Advocate for security automation and continuous improvement in development workflows.

Qualifications:

• Bachelor’s degree in Computer Science, Cybersecurity, or related field preferred (not required).

• 3–5 years of application security experience with a strong understanding of SDLC management.

• Familiarity with secure coding standards (e.g., OWASP Top 10) and threat modeling.

• Experience with application security tools (SAST, DAST, SCA) and CI/CD pipelines.

• Strong communication skills and ability to collaborate across technical teams.