Application Security Engineer (W2 Role, No H1B)
Greetings from IT Engagements
Role: Application Security Engineer (W2 Role, NO H1B)
Location: Carrollton, TX (NW Dallas).
Overview:
The Application Security Engineer champions the integration of security at every stage of the SDLC, partnering with IT and development teams to implement threat modeling, security reviews, and automated assessments that strengthen and evolve the organization's application security posture.
Experience building AppSec Engineering | DevSecOps programs from scratch.
Ability to work through the politics of building something new and ruffling feathers while building relationships.
Provide training and coordinate with the app dev team to create secure coding practices.
1. Azure DevOps
2. AWS DevOps
3. GitHub
Responsibilities:
- Oversee and support the execution of the Application Security program, providing security governance and guidance across engineering teams.
- Drive the implementation and usage of application security tooling (e.g., SAST, DAST, SCA, fuzz testing) while maintaining flexibility across technologies.
- Collaborate with stakeholders to define security metrics and reporting mechanisms that inform leadership and guide remediation priorities.
- Mentor developers and serve as the voice of application security, translating risks into actionable strategies for both technical and non-technical stakeholders.
- Ensure that vulnerabilities are remediated before code moves to production and provide guidance on the remediation process for application/API security vulnerabilities.
- Track and manage vulnerabilities while working with developers to empower them with secure coding practices.
- Coordinate with Application Development and Security teams to foster collaboration and ensure that security is embedded throughout the development lifecycle.
- Utilize automation to incorporate security measures into the DevOps pipeline to protect applications and APIs.
- Evaluate third-party services for potential weaknesses in their security posture.
Qualifications:
- 5+ years' experience in Application Security with demonstrated success securing web, mobile, or cloud apps in production, with hands-on SAST/DAST/SCA experience.
- Proven ability to assess existing security designs and strategically mature them over time, moving beyond basic implementations to robust, resilient systems
- Deep knowledge of application layer attacks and defense mechanisms (XSS, CSRF, SQLi, XXE, SSRF, broken access control, etc.).
- Strong knowledge of common web, API and cloud vulnerabilities (e.g., OWASP Top 10, CWE, auth flaws, etc.)
- Deep knowledge of vulnerabilities, reachability, exploitability and how they affect applications
- Skills in code scanning methods including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC) Security, API Security, and Dynamic Application Security Testing (DAST)
- Knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications
- Experience with custom scripting (Python, C++, PowerShell, Bash, etc.) and process automation
- Strong knowledge of common enterprise infrastructure technology stacks and network configurations
- Knowledge of shift-left strategies and embedding controls early in the development lifecycle
- Knowledge of automated code scanning tools and development pipeline tools
- Ability to balance security requirements with business needs
Thank you
