[Remote] Lead Application Security Engineer
Note: The job is a remote job and is open to candidates in USA. California Correctional Health Care Services is seeking a highly skilled Lead Application Security Engineer to help secure business-critical web applications and emerging AI-enabled applications. In this role, you will work closely with developers and technology leaders to identify risks and improve secure development practices.
Responsibilities
- Lead application security initiatives using Secure SDLC, threat modeling, OWASP, AI TRiSM and NIST best practices
- Perform application security architecture reviews, application code reviews, vulnerability assessments, and application penetration testing activities
- Drive BRD, TDD, SDD, design, and code reviews with a security-risk lens; estimate effort for SAST, DAST, IAST, and application penetration-testing initiatives
- Own and advance AI powered application security strategy to safeguard applications, micro-segmentation, microservices, APIs, and UI components
- Execute Quality Agile + DevSecOps transformation activities to improve end-to-end application security across the enterprise
- Perform application vulnerability exploitation, application security audits, and application penetration testing to identify and mitigate high-risk exposures
Skills
- 5+ years of application security experience, including securing applications with privacy, and regulatory compliance (PII, PHI, PCI)
- Hands-on experience with SAST, DAST, IAST, application penetration testing, and fuzz testing tools used by ethical hackers for the AI era
- Exposure to one or more application development frameworks: C#, .NET, Java, jQuery, AngularJS, ReactJS, GraphQL, Web APIs/Services, XML and Agentic AI
- Strong knowledge of application threat modeling, continuous protection via RASP, ADR or unified security platform and AI Security methodologies
- Ability to research emerging application security technologies, zero-day vulnerabilities, AI TRiSM framework and best practices
- Experience securing Web, Cloud, Agentic AI applications and Ethical Hacking, or Application PenTest certifications are a plus
- Experience implementing application security controls and application security testing solutions through the software development lifecycle – Secure SDLC
- Working knowledge of JIRA or similar defect-tracking systems and Work Breakdown Structures
- Excellent communication, presentation and collaboration skills
Benefits
- Health Benefits Program (CalPERS)
- Retirement (CalPERS)
- Employer Health and Consolidated Benefits Contributions
- Dental, Vision
- 401(k) and 457 Deferred Compensation Plans
- Employee Assistance Program
- Group Legal Services Insurance
- Holidays, Vacation/Sick/Other Paid Leave
- Flex Elect Reimbursement Program
- Wellness and Recognition
- Alternate Work Schedules
- Transit Pass Program
- Tuition Reimbursement
- Dependent Scholarship Program
- Leadership Training
- Mentoring Program
Company Overview