[Remote] Application Security Engineer
Note: The job is a remote job and is open to candidates in USA. CivicPlus is a company focused on innovation and collaboration to impact local government and the residents they serve. The Application Security Engineer is responsible for embedding security throughout the software development lifecycle, leading application security testing, and driving vulnerability remediation efforts.ResponsibilitiesPerform security code reviews, threat modeling, and architecture reviews across all development projects as part of secure Software Development Lifecycle (SDLC)Collaborate with development teams to integrate secure design, secure coding standards, and security controls across the SDLCIdentify, track, and validate vulnerabilities and security defects from security testing and scanning, collaborating with development teams to inform and prioritize remediation within compliance timeline requirementsCoordinate external, independent penetration testing of production environmentsLead application security testing, including static, dynamic, and interactive application security testing (SAST, DAST, IAST)Serve as a subject matter expert on application security vulnerabilities (such as the OWASP Top 10) and emerging threatsPartner closely with organizational functions and key stakeholders to provide guidance, tooling, and training to development teams and ensure secure design principles are applied, risks are mitigated, and applications are resilient against modern threatsSkills3 – 7 Years of experience in application security, secure development, penetration testing, or related fieldStrong understanding of Secure Software Development Lifecycle (SSDLC), application security controls, and vulnerability managementFamiliarity with secure coding practices across multiple development languages (such as C#, Go, Java, JavaScript, or Python)Knowledge of cloud-native and SaaS application environmentsSecurity+, GSEC, GSSP or equivalentBachelor's degree in Computer Science, Cybersecurity, Information Security, Information Systems, or a related fieldBenefitsComprehensive health insuranceDental insuranceVision insuranceFlexible Time Off401(k) planCompany OverviewCivicPlus is the only government technology company exclusively committed to powering and empowering governments to efficiently operate, serve, and govern through the use of our innovative and integrated technology solutions purpose-built and supported by former municipal leaders and award-winning support teams. It was founded in 1998, and is headquartered in Manhattan, Kansas, USA, with a workforce of 501-1000 employees. Its website is http://www.civicplus.com.