[Remote] Application Security Engineer (REMOTE)
Note: This is a remote job and is open to candidates in the USA.

EnerSys is a global leader in stored energy solutions for industrial applications. The Application Security Engineer is responsible for strengthening the security of applications and platforms, collaborating with software engineers and DevOps teams to embed security throughout the software development lifecycle.

Responsibilities
- Serve as a primary liaison between the Cybersecurity and development teams, ensuring security is integrated into design, development, deployment, and operations
- Conduct application security assessments, code reviews, API testing, threat modeling, and penetration testing to identify vulnerabilities
- Define, maintain, and enforce secure coding standards, patterns, and best practices
- Integrate and manage security tooling within CI/CD pipelines, including SAST, DAST, SCA, IaC scanning, and container security solutions
- Support secure architecture reviews for cloud-native applications, microservices, and containerized workloads
- Support threat modeling, risk assessments, and security architecture reviews for applications
- Ensure that all security practices meet regulatory and compliance requirements
- Develop and deliver cybersecurity training programs for development teams to promote awareness and adherence to best practices
- Ensure application security practices align with regulatory and compliance frameworks (e.g., NIST CSF, ISO 27001, IEC 62443)
- Keep up to date on emerging threats, incorporating threat intelligence into security practices and providing proactive defenses
- Monitor and respond to application security threats, incidents, and vulnerabilities
- Stay up to date on regulatory developments and industry trends
- Manage and maintain third-party vendor and consultant relationships
- Perform other duties as assigned

Skills
- Bachelor's degree in a technical field (e.g., Computer Science, Information Systems, Cybersecurity)
- 5+ years of experience in Information Security, with at least 3 years focused on application security, secure development, or DevSecOps
- Demonstrated experience building and scaling an application security program, either as the lead or a key contributor
- Strong knowledge of OWASP Top 10, OWASP ASVS, SANS Top 25, and secure SDLC methodologies
- Hands-on experience with application security testing tools such as Burp Suite, Fortify, Checkmarx, Veracode, and ZAP
- Experience conducting threat modeling, penetration testing, secure software development, and secure architecture reviews
- Practical experience securing cloud environments (AWS or Azure) and implementing cloud-native security controls
- Familiarity with Kubernetes security, container hardening, and runtime protection
- Strong communication skills with the ability to collaborate and influence across technical and non-technical teams
- Must have an active passport and be willing to travel internationally
- Relevant certifications such as CISSP, CSSLP, OSCP, GWAPT, CEH, or GIAC Cloud Security
- Experience securing embedded systems and mobile applications

Benefits
- Paid time off plus paid holidays
- Medical/dental/vision insurance plan
- Life insurance, short/long term disability, tuition reimbursement, flex spending, and employee stock purchase plan
- 401K plan

Company Overview
EnerSys is the global leader in stored energy solutions for industrial applications. We complement our extensive line of motive power,
It was founded in 1996 and is headquartered in Reading, Pennsylvania, USA, with a workforce of 5001-10000 employees. Its website is http://enersys.com.