Principal Application Security Engineer

Veracity Solutions

$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years of Engineering experience in a related field.
  • 3+ years of experience with Cloud technologies (e.g., GCP, Azure, AWS).
  • 5+ years of development experience across multiple programming languages.
  • 3+ years of hands-on experience with secure DevOps and cloud deployment automation.
  • 2+ years of experience using ServiceNow.
  • Proven expertise in Penetration Testing and root cause analysis for SDLC security problems.
  • Familiarity with dynamic and static analysis security testing practices.

Responsibilities

  • Lead complex, cross-functional technology projects in Application Security.
  • Influence leadership and peers through effective presentations.
  • Collaborate with Cybersecurity and Technology teams to enhance automation and secure development.
  • Support the ongoing evolution of DevSecOps practices within the organization.
  • Automate and integrate Application Security controls within the CI/CD pipeline.
  • Mentor junior engineers and foster their professional development.
  • Design, prototype, and implement solutions to complex security issues.
  • Promote a culture of innovation within Application Security.

Benefits

  • Hybrid work schedule with 3 days on-site.
  • Opportunity to mentor and develop junior engineering talent.
  • Focus on innovation in Application Security best practices.
  • Involvement in transformative projects that impact software development lifecycle.
  • Access to professional development opportunities within a leading financial institution.
Full Job Description
Job Title: Principal Application Security Engineer

Duration: 12+ Months

Location: Charlotte, NC / Dallas, TX / Minneapolis, MN / Phoenix, AZ - Hybrid Role (3 days/week onsite)

In this role, you will:
• Drive strategic efforts and lead transformative projects in the application security program. The ideal candidate will lead the charge in identifying and developing our next generation automation and application security solutions. The ideal candidate should have a proven track record of successfully bringing ideas to full production implementation in a large, complex environment. This person will be viewed as a Subject Matter Expert (SME) within the application security domain. This individual will possess a mindset focused on creating proactive, preventative, and predictable solutions.
• The Application Security function within Cybersecurity is responsible for the secure software training, practices, and processes to address security risks across all phases of the Wells Fargo software development life cycle and prevent the introduction of unmanaged software security risks, through proactive code reviews, regulatory scanning, and advanced penetration testing techniques.

Key Responsibilities :
• Lead complex, cross-functional technology projects across Application Security
• Present to and be able influence leadership and peer organizations
• Collaborate with Cybersecurity and Technology groups to improve automation and enable secure development
• Support the evolution of DevSecOps
• Drive automation and integration of Application Security controls in the CI/CD pipeline
• Provide mentoring and development to more junior and entry level engineering talent
• Design, prototype, test and implement solutions to complex problems
• Drive a culture of innovation across Application Security

Required Qualifications:
• 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years of Cloud experience (GCP, Azure, AWS)
• 5 + years - Development experience in more than one language
• 3+ years of experience with secure DevOps and deployment automation to cloud environments
• 3 + years - CI/CD integration experience
• 2+ years of ServiceNow Experience
• Demonstrated experience in Penetration Testing
• Demonstrated experience in determining root cause analysis for actionable SDLC security updates
• Dynamic Analysis Security Testing (DAST) experience
• Knowledge of Kubernetes Containerization Strategy
• Static Analysis Security Testing (SAST) experience (Checkmarx, Fortify, Semgrep, manual code review, etc.)
• Recent Java or C# & .NET CORE development experience including the development of RESTful APIs
• Experience with SDLC and Agile methodologies
• Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices

Job Expectations:
• bility to Travel up to 10% of the time

Similar Jobs

More Jobs at Veracity Solutions

More Information Technology Jobs

Find similar Principal Application Security Engineer jobs: