Lead Application Security Engineer - 19562 jobs in United States
cer-icon
Apply on Employer Site
company-logo

Manheim Dallas-Fort Worth · 6 hours ago

Lead Application Security Engineer - 19562

positionAtlanta, GA
timeFull-time
remoteOnsite
senioritySenior Level, Lead/Staff
money$123K/yr - $204K/yr
date6+ years exp

Manheim Dallas-Fort Worth is seeking a Lead Application Security Engineer who will partner with Security Engineering Enablement and Security Architecture to design and ship secure software. The role involves performing secure code reviews, providing remediation guidance, and continuously improving application and cloud security tools while collaborating with various teams to enhance security practices.

Automotive
badNo H1Bnote

Responsibilities

Operate, administer, and continuously improve our off the shelf AppSec and CloudSec tools (WAF infrastructure management, user onboarding, policy/config, integrations)
Triage and disposition vulnerabilities across SAST/DAST/SCA/API/IaC/CSPM sources; lead false positive reviews and suppression/exception workflows with strong audit trails
Partner with Cloud Platform teams to harden AWS/Azure/GCP environments using CSPM/CNAPP controls, guardrails, and baselines; guide secure patterns for serverless, containers/Kubernetes, and secrets management
Support system administration, configuration, and maintenance for the AppSec/CloudSec/WAF toolset (identity/roles, agent health, connectors, backups, upgrades, and DR testing)
Evaluate security tools on an ongoing basis, to ensure we are leveraging the best toolset that meets the enterprise's needs
Serve as first-line triage for Responsible Disclosure submissions, reproduce issues, determine severity/impact, assign owners/SLAs, and track to closure
Ensure consistent communications with Responsible Disclosure reporters and internal stakeholders and maintain accurate records for compliance
Use scripting/automation (Python, PowerShell, Bash, REST APIs, Terraform modules, GitHub Actions/Azure DevOps/GitLab CI) for ad hoc fixes and to reduce toil (bulk policy changes, project provisioning, baseline exceptions, report consolidation)
Stakeholder for helping design Secure Pipelines to be implemented by the Security Engineering Enablement team

Qualification

Application SecurityCloud SecuritySAST/DAST/SCADevSecOpsPythonAWS/Azure/GCPOWASP Top 10CI/CD IntegrationCommunicationMentoringCollaborationProblem Solving

Required

Bachelor's degree in a related discipline and 6 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 4 years' experience; a Ph.D. and 1 year of experience; or 18 years' experience in a related field
2 years in Application / Product security or software engineering with a strong security focus
Hands on depth with modern SDLC/DevSecOps in cloud-native environments: microservices, APIs, containers/Kubernetes, serverless, IaC (Terraform/CloudFormation/ARM/Bicep), and CI/CD integration
Practical expertise operating and tuning SAST, DAST, SCA, API testing, IaC/container scanners, plus CNAPP for multi cloud
Scripting/automation proficiency (Python preferred; PowerShell/Bash nice) and REST API integration skills; able to create quick utilities and pipeline jobs to reduce manual effort
Strong knowledge of OWASP Top 10, ASVS, SAMM, NIST SSDF, CSA CCM, secure design patterns, cryptography fundamentals, authN/Z (OAuth2/OIDC/JWT), and common web/API vulns and mitigations
Experience triaging responsible disclosure or bug bounty reports and driving coordinated remediation with product teams
Excellent communicator who can simplify complex risk for engineers and leaders; bias to action and measurable outcomes
Familiarity with software supply chain security (SBOMs, signing, provenance, dependency risk) and runtime protection (RASP, WAF/WL, EDR for containers)
Strong understanding of cloud architecture and infrastructure
Collaborate with AI agents to build, test, and deploy software across the SDLC, by using proper contextual inputs to improve AI understanding and output quality
Implement AI-powered features and pipelines in our software
Contribute to prompt engineering experimentation and share tool usage insights
Define coding standards, review practices, and ethical guidelines for AI use
Mentor peers and coach junior team members on AI-augmented development
Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship. No OPT, CPT, STEM/OPT or visa sponsorship now or in future

Preferred

WAF engineering experience (policy design, tuning, false positive management, bot/rate limit controls, logging/observability, blue/green rollout)
Certifications (e.g., CISSP, CSSLP, GWAPT, GCSA, GCP/AWS/Azure security) are a plus
Experience with API security (OWASP API Top 10), Proactive Threat Response, Responsible Disclosure workflows is a plus

Benefits

Flexibility to take as much vacation with pay as they deem consistent with their duties, the company’s needs, and its obligations
Seven paid holidays throughout the calendar year
Up to 160 hours of paid wellness annually for their own wellness or that of family members
Bereavement leave
Time off to vote
Jury duty leave
Volunteer time off
Military leave
Parental leave

Company

Manheim Dallas-Fort Worth

twitter
company-logo
Manheim continues to set the industry standard for buying and selling used vehicles today.
dateFounded in 2001
location
Euless, Texas, US
people-size201-500 employees
web-link
http://www.manheim.com

Funding

Current Stage
Growth Stage
Company data provided by crunchbase