Lead Application Security Engineer jobs in United States

Cast & Crew · 2 months ago

Lead Application Security Engineer

Cast & Crew is a provider of entertainment technology and services, supporting the global entertainment industry. They are seeking a Lead Application Security Engineer to bridge application security expertise and DevOps automation, drive a security-first culture, and implement automated security solutions for engineering teams.

Accounting, Bookkeeping and Payroll, Software
H1B Sponsor Likely

Responsibilities

Own the application security vision and roadmap for the engineering organization
Design secure architecture for new products, services, and critical features
Conduct threat modeling sessions for high-risk systems and data flows
Define security standards, policies, and best practices for development teams
Serve as the security subject matter expert for engineering leadership
Drive security initiatives from concept through implementation
Lead post-incident security reviews and implement preventive measures
Perform in-depth security code reviews of critical and high-risk code changes
Identify, assess, and prioritize vulnerabilities across our application portfolio
Partner with development teams to remediate security findings effectively
Research and evaluate emerging threats, attack vectors, and security vulnerabilities
Provide security consultation and architectural guidance to product teams
Conduct security assessments of third-party integrations and dependencies
Stay ahead of industry trends and evolving attack techniques
Design and implement security automation throughout the CI/CD pipeline
Integrate, configure, and manage security scanning tools (SAST, DAST, SCA, secrets detection)
Build custom security tools and frameworks to scale security across teams
Automate security testing, vulnerability management, and compliance checking
Implement and manage secrets management solutions (Vault, cloud secret managers)
Secure containerized applications and Kubernetes deployments
Scan and enforce security policies for Infrastructure as Code (Terraform, CloudFormation)
Create security dashboards, metrics, and executive reporting
Continuously optimize security tooling for accuracy and developer experience
Mentor developers on secure coding practices and security principles
Build and lead a security champions program across engineering
Create security training materials and conduct workshops
Provide actionable security feedback that doesn't block velocity
Collaborate with DevOps and Platform teams on security improvements
Make security tooling intuitive and integrated into developer workflows

Qualifications

Application Security, DevSecOps Automation, Security Architecture, Cloud Security, Security Tools Proficiency, Programming Skills, Threat Modeling, Container Security, CI/CD Security, Mentoring Engineers, Communication, Leadership Experience

Required

6+ years in application security with a strong track record of impact
Expert-level knowledge of web application security vulnerabilities (OWASP Top 10, injection attacks, authentication flaws, authorization issues, cryptographic failures, etc.)
Strong programming skills in 2+ languages such as Python, Java, JavaScript, C#
Proven experience securing CI/CD pipelines and building security automation
Hands-on expertise with security tools: SAST (SonarQube, Semgrep, Checkmarx), DAST (Burp Suite, OWASP ZAP), SCA (Snyk, Dependabot)
Deep understanding of authentication/authorization mechanisms (OAuth 2.0, OpenID Connect, SAML, JWT, API keys, TLS)
Production experience with cloud platforms (AWS, Azure, or GCP) and cloud-native security
Container security knowledge including Docker and Kubernetes security best practices
Excellent communication skills - able to explain security risks to engineers, product managers, and executives
Leadership experience mentoring engineers or leading security initiatives

Preferred

Security certifications: OSCP, GWAPT, CSSLP, CEH, or CISSP
Cloud certifications: AWS Certified Security Specialty, Azure Security Engineer, GCP Professional Cloud Security Engineer
Experience with Infrastructure as Code security (Terraform, CloudFormation, Pulumi, Ansible)
Background in DevOps, SRE, or Platform Engineering
Knowledge of compliance frameworks (SOC 2, ISO 27001, PCI-DSS, HIPAA, GDPR)
Contributions to open-source security tools or projects
Experience with API security, microservices, and service mesh architectures
Penetration testing or red team experience
Understanding of cryptography, PKI, and secure communication protocols

Benefits

Medical
Dental
Vision
PTO
Health and wellness programs
Employee discounts
And more!

Company

Cast & Crew

Cast & Crew began modestly as a small business that provided payroll services to the commercial and music industries.

H1B Sponsorship

Cast & Crew has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by the US Department of Labor.)
Distribution of Different Job Fields Receiving Sponsorship (chart; marks the job field similar to this job)
Trends of Total Sponsorships (filings per year)
2025 (6)
2024 (2)
2023 (3)
2022 (7)
2021 (5)
2020 (11)

Funding

Current Stage
Late Stage
Total Funding
unknown
Key Investors
Veronis Suhler Stevenson
2018-12-10: Acquired
2013-02-05: Private Equity

Leadership Team

Sally Knutson
CFO
Company data provided by crunchbase