
Senior Application Security Engineer

Chicago, IL
Permanent
Job Description:
Key Responsibilities:

Secure Software Development Lifecycle Leadership
  • Lead the integration of security controls into CI/CD pipelines, including static analysis, software composition analysis, dynamic testing, secrets management, and container security workflows.
  • Define and continuously improve application security quality gates and review procedures in alignment with Modern Engineering SDLC practices.
  • Lead the integration of application security controls into CI/CD pipelines, including SAST, SCA, DAST, secrets detection, and container security, with automated gating and scalable DevSecOps workflows.
  • Define and continuously improve application security quality gates and review processes aligned to Modern Engineering SDLC standards, including risk based thresholds, exception handling, and audit ready documentation.
  • Provide expert guidance on secure architectures and design patterns, advising engineering teams on security tradeoffs for cloud native, microservices, and API driven solutions.

Secure Coding Standards & Governance
  • Own the development, maintenance, and enforcement of enterprise secure coding standards.
  • Align secure coding governance with established Bank technology standards, including SDLC, secure development expectations, and code review procedures.
  • Ensure teams understand and implement secure-by-default development practices throughout all project phases.
  • Deep expertise with Static Application Security Testing (SAST) platforms, including scan configuration, custom rule or query tuning, results triage, risk based prioritization, and disciplined false positive suppression with documented justification. - Preferred: Experience with Checkmarx SAST / Checkmarx ONE, including custom query (CxQL) tuning and enterprise scale result management.
  • Strong experience with Software Composition Analysis (SCA) tools, covering open source dependency analysis, license compliance, vulnerability assessment, policy configuration, and developer focused remediation guidance. - Preferred: Hands on experience with Checkmarx SCA in CI/CD integrated environments.
  • Proficiency with Infrastructure as Code (IaC) security scanning across technologies such as Terraform, CloudFormation, Kubernetes, and Helm, including rule tuning and remediation recommendations aligned with cloud security best practices. - Preferred: Experience using Checkmarx KICS for IaC and container configuration scanning.
  • Hands on experience with Dynamic Application Security Testing (DAST), including scan configuration, authentication handling, API scanning, vulnerability validation, and false positive management.
  • Demonstrated ability to analyze, validate, and contextualize findings across SAST, SCA, IaC, and DAST tools, translating technical results into clear, actionable, and risk informed remediation guidance for development teams.
  • Extensive experience integrating application and cloud security tooling into CI/CD pipelines, implementing security gates, and aligning scan outcomes with modern DevSecOps workflows. - Preferred: Experience integrating Checkmarx platforms with CI/CD pipelines and broader cloud or application security ecosystems.

Advanced Secure Code Reviews
  • Perform deep-dive manual and automated secure code reviews for complex, high-risk applications and services.
  • Identify systemic vulnerabilities and recommend structural code and design improvements.
  • Serve as the primary escalation point for security concerns raised during code review or pipeline security scans.
  • Proven background in secure code reviews, vulnerability root-cause analysis, and validating fixes across multiple languages and frameworks.
  • Proficiency in one or more programming languages (e.g., Java, C#, Python, TypeScript) with a strong understanding of modern application architectures including microservices, APIs, containers, and cloud native platforms.

Threat Modeling & Application Risk Assessments:
  • Lead threat modeling sessions for new and existing applications, cloud-native architectures, and major platform initiatives.
  • Assess application architectures for security gaps and recommend compensating or preventative controls.
  • Partner with engineering, Cloud, Architecture, and DevOps teams to embed security into design decisions.

Vulnerability Management & Security Advisory:
  • Own remediation guidance for high- and critical-severity findings across AppSec scanners, third party assessments, and internal reviews.
  • Influence prioritization decisions by applying expert judgment to business risk, architectural impact, and threat landscape considerations.
  • Support program-level improvements to vulnerability lifecycle management across engineering teams.

Technical Leadership & Mentoring:
  • Provide coaching and mentoring to Application Security Engineers, developers, and DevOps staff, consistent with expectations for senior Bank engineers.
  • Advocate for secure engineering practices across teams and promote a strong security culture within the SDLC.
  • Contribute to enterprise communities of practice, working groups, and secure development initiatives.

Required Qualifications:
  • 6-8 years of experience in application security, software engineering, product security, or DevOps with a strong security focus, consistent with senior engineer expectations.
  • Deep expertise in secure software design principles, threat modeling methodologies, and enterprise application security controls.
  • Extensive experience with CI/CD security integration and DevSecOps tooling (SAST, SCA, DAST, secrets management, container security).
  • Demonstrated experience performing and leading secure code reviews and providing actionable remediation guidance.
  • Proficiency in one or more programming languages (e.g., Java, C#, Python, TypeScript) and familiarity with modern application architectures (microservices, containers, APIs, cloud-native).

Preferred Qualifications:
  • Experience designing or evaluating secure architectures in cloud platforms such as AWS or Azure, aligned with senior engineering expectations in other Bank roles.
  • Familiarity with enterprise SDLC governance, Agile methodologies, and security-by-design frameworks.
  • Prior experience leading large-scale DevSecOps initiatives or maturing application security programs.
  • Relevant certifications such as CISSP, CSSLP, GWEB, or cloud security certifications.
  • Experience with Checkmarx, Prisma Cloud, JFrog Xray, or similar tools.
  • Experience with common programming languages including C#, Java, and YAML.

Core Competencies:
  • Advanced problem-solving and analytical capabilities.
  • Ability to communicate complex security concepts to technical and non-technical audiences.
  • Strong collaboration and influence skills; able to drive alignment across engineering, cloud, risk, and security teams.
  • Demonstrated commitment to continuous improvement, engineering excellence, and secure software delivery.

Job Type: Permanent

Job ID: 253475690