Apply on Employer Site

Cox Enterprises · 2 months ago

Lead Application Security Engineer - 19562

Atlanta GA

Full-time

Hybrid

Senior Level, Lead/Staff

$120K/yr - $199K/yr

6+ years exp

Cox Automotive is a leading company in the automotive technology sector, and they are seeking a Lead Application Security Engineer. The role involves partnering with Security Engineering and Architecture teams to design secure software, conduct secure code reviews, and provide guidance on application security best practices.

AdvertisingBroadcastingDigital MediaTelecommunications

Growth Opportunities

H1B Sponsor Likely

Responsibilities

Operate, administer, and continuously improve our off the shelf AppSec and CloudSec tools (WAF infrastructure management, user onboarding, policy/config, integrations)

Triage and disposition vulnerabilities across SAST/DAST/SCA/API/IaC/CSPM sources; lead false positive reviews and suppression/exception workflows with strong audit trails

Partner with Cloud Platform teams to harden AWS/Azure/GCP environments using CSPM/CNAPP controls, guardrails, and baselines; guide secure patterns for serverless, containers/Kubernetes, and secrets management

Support system administration, configuration, and maintenance for the AppSec/CloudSec/WAF toolset (identity/roles, agent health, connectors, backups, upgrades, and DR testing)

Evaluate security tools on an ongoing basis, to ensure we are leveraging the best toolset that meets the enterprise's needs

Serve as first-line triage for Responsible Disclosure submissions, reproduce issues, determine severity/impact, assign owners/SLAs, and track to closure

Ensure consistent communications with Responsible Disclosure reporters and internal stakeholders and maintain accurate records for compliance

Use scripting/automation (Python, PowerShell, Bash, REST APIs, Terraform modules, GitHub Actions/Azure DevOps/GitLab CI) for ad hoc fixes and to reduce toil (bulk policy changes, project provisioning, baseline exceptions, report consolidation)

Stakeholder for helping design Secure Pipelines to be implemented by the Security Engineering Enablement team

Qualification

Application SecurityCloud SecuritySAST/DAST/SCADevSecOpsPythonAWS/Azure/GCPOWASP Top 10API SecurityCommunication SkillsMentoringCollaboration

Required

Bachelor's degree in a related discipline and 6 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 4 years' experience; a Ph.D. and 1 year of experience; or 18 years' experience in a related field

2 years in Application / Product security or software engineering with a strong security focus

Hands on depth with modern SDLC/DevSecOps in cloud-native environments: microservices, APIs, containers/Kubernetes, serverless, IaC (Terraform/CloudFormation/ARM/Bicep), and CI/CD integration

Practical expertise operating and tuning SAST, DAST, SCA, API testing, IaC/container scanners, plus CNAPP for multi cloud

Scripting/automation proficiency (Python preferred; PowerShell/Bash nice) and REST API integration skills; able to create quick utilities and pipeline jobs to reduce manual effort

Strong knowledge of OWASP Top 10, ASVS, SAMM, NIST SSDF, CSA CCM, secure design patterns, cryptography fundamentals, authN/Z (OAuth2/OIDC/JWT), and common web/API vulns and mitigations

Experience triaging responsible disclosure or bug bounty reports and driving coordinated remediation with product teams

Excellent communicator who can simplify complex risk for engineers and leaders; bias to action and measurable outcomes

Familiarity with software supply chain security (SBOMs, signing, provenance, dependency risk) and runtime protection (RASP, WAF/WL, EDR for containers)

Strong understanding of cloud architecture and infrastructure

Collaborate with AI agents to build, test, and deploy software across the SDLC, by using proper contextual inputs to improve AI understanding and output quality

Implement AI-powered features and pipelines in our software

Contribute to prompt engineering experimentation and share tool usage insights

Define coding standards, review practices, and ethical guidelines for AI use

Mentor peers and coach junior team members on AI-augmented development

Preferred

WAF engineering experience (policy design, tuning, false positive management, bot/rate limit controls, logging/observability, blue/green rollout)

Certifications (e.g., CISSP, CSSLP, GWAPT, GCSA, GCP/AWS/Azure security) are a plus

Experience with API security (OWASP API Top 10), Proactive Threat Response, Responsible Disclosure workflows is a plus

Benefits

Flexibility to take as much vacation with pay as they deem consistent with their duties

Seven paid holidays throughout the calendar year

Up to 160 hours of paid wellness annually for their own wellness or that of family members

Additional paid time off in the form of bereavement leave

Time off to vote

Jury duty leave

Volunteer time off

Military leave

Parental leave

Health care insurance (medical, dental, vision)

Retirement planning (401(k))

Paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO)

Company

Cox Enterprises

Glassdoor4.6

Cox Enterprises is a communications, media, and automotive services company.

Founded in 1898

Atlanta, Georgia, USA

10001+ employees

http://coxenterprises.com

H1B Sponsorship

Cox Enterprises has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2023 (4)

2022 (7)

2021 (1)

2020 (3)