[Remote] Lead Application Security Engineer
Note: The job is a remote job and is open to candidates in the USA.

California Correctional Health Care Services is seeking a highly skilled Lead Application Security Engineer to help secure business-critical web applications and emerging AI-enabled applications. In this role, you will work closely with developers and technology leaders to identify risks and improve secure development practices.

Responsibilities

- Lead application security initiatives using Secure SDLC, threat modeling, OWASP, AI TRiSM and NIST best practices
- Perform application security architecture reviews, application code reviews, vulnerability assessments, and application penetration testing activities
- Drive BRD, TDD, SDD, design, and code reviews with a security-risk lens; estimate effort for SAST, DAST, IAST, and application penetration-testing initiatives
- Own and advance AI-powered application security strategy to safeguard applications, micro-segmentation, microservices, APIs, and UI components
- Execute Quality Agile + DevSecOps transformation activities to improve end-to-end application security across the enterprise
- Perform application vulnerability exploitation, application security audits, and application penetration testing to identify and mitigate high-risk exposures

Skills

- 5+ years of application security experience, including securing applications with privacy, and regulatory compliance (PII, PHI, PCI)
- Hands-on experience with SAST, DAST, IAST, application penetration testing, and fuzz testing tools used by ethical hackers for the AI era
- Exposure to one or more application development frameworks: C#, .NET, Java, jQuery, AngularJS, ReactJS, GraphQL, Web APIs/Services, XML and Agentic AI
- Strong knowledge of application threat modeling, continuous protection via RASP, ADR or unified security platform and AI Security methodologies
- Ability to research emerging application security technologies, zero-day vulnerabilities, AI TRiSM framework and best practices
- Experience securing Web, Cloud, Agentic AI applications and Ethical Hacking, or Application PenTest certifications are a plus
- Experience implementing application security controls and application security testing solutions through the software development lifecycle – Secure SDLC
- Working knowledge of JIRA or similar defect-tracking systems and Work Breakdown Structures
- Excellent communication, presentation and collaboration skills

Benefits

- Health Benefits Program (CalPERS)
- Retirement (CalPERS)
- Employer Health and Consolidated Benefits Contributions
- Dental, Vision
- 401(k) and 457 Deferred Compensation Plans
- Employee Assistance Program
- Group Legal Services Insurance
- Holidays, Vacation/Sick/Other Paid Leave
- Flex Elect Reimbursement Program
- Wellness and Recognition
- Alternate Work Schedules
- Transit Pass Program
- Tuition Reimbursement
- Dependent Scholarship Program
- Leadership Training
- Mentoring Program

Company Overview

California Correctional Health Care Services provides medical, dental, and mental health care services. It was founded in 2006, and is headquartered in Elk Grove, California, USA, with a workforce of 10001+ employees. Its website is https://cchcs.ca.gov.