ActiveSoft, Inc · 6 hours ago
Lead Application Security Engineer (Cloud & DevSecOps) - Atlanta, GA & New York City, NY
ActiveSoft, Inc is a company focused on enhancing security in software development. They are seeking a Lead Application Security Engineer to design and implement secure software practices, collaborate on security architecture, and mentor team members on security and AI-augmented development.
Responsibilities
Partner with Security Engineering Enablement and Security Architecture to design and ship secure software: secure code reviews and help define requirements on prerelease control validation (SAST/DAST/SCA, API security, Container/IaC scans)
Drive fix-first coaching—turn findings into clear remediation guidance and code examples, to help teams remediate security findings
Provide advice and guidance to teams in the areas of Application Security, Web Application Firewalls and Cloud Security, in the form of Office Hours, Brown Bags or team consultation sessions
Experience triaging responsible disclosure or bug bounty reports and driving coordinated remediation with product teams
Excellent communicator who can simplify complex risk for engineers and leaders; bias to action and measurable outcomes
Familiarity with software supply chain security (SBOMs, signing, provenance, dependency risk) and runtime protection (RASP, WAF/WL, EDR for containers)
Collaborate with AI agents to build, test, and deploy software across the SDLC, by using proper contextual inputs to improve AI understanding and output quality
Implement AI-powered features and pipelines in our software
Contribute to prompt engineering experimentation and share tool usage insights
Define coding standards, review practices, and ethical guidelines for AI use
Mentor peers and coach junior team members on AI-augmented development
Qualifications
Required
4 years in Application / Product security or software engineering with a strong security focus
Hands-on depth with modern SDLC/DevSecOps in cloud-native environments: microservices, APIs, containers/Kubernetes, serverless, IaC (Terraform/CloudFormation/ARM/Bicep), and CI/CD integration
Practical expertise operating and tuning SAST, DAST, SCA, API testing, IaC/container scanners, plus CNAPP for multi-cloud
Scripting/automation proficiency (Python preferred; PowerShell/Bash nice) and REST API integration skills; able to create quick utilities and pipeline jobs to reduce manual effort
Strong knowledge of OWASP Top 10, ASVS, SAMM, NIST SSDF, CSA CCM, secure design patterns, cryptography fundamentals, authN/Z (OAuth2/OIDC/JWT), and common web/API vulns and mitigations
Bachelor's degree in a related discipline and 6 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 4 years' experience; a Ph.D. and 1 year of experience; or 18 years' experience in a related field
2 years in Application / Product security or software engineering with a strong security focus
Experience triaging responsible disclosure or bug bounty reports and driving coordinated remediation with product teams
Excellent communicator who can simplify complex risk for engineers and leaders; bias to action and measurable outcomes
Strong understanding of cloud architecture and infrastructure
Preferred
Scripting/automation proficiency (Python preferred; PowerShell/Bash nice)
Familiarity with software supply chain security (SBOMs, signing, provenance, dependency risk) and runtime protection (RASP, WAF/WL, EDR for containers)
Collaborate with AI agents to build, test, and deploy software across the SDLC, by using proper contextual inputs to improve AI understanding and output quality
Implement AI-powered features and pipelines in our software
Contribute to prompt engineering experimentation and share tool usage insights
Define coding standards, review practices, and ethical guidelines for AI use
Mentor peers and coach junior team members on AI-augmented development
Company
ActiveSoft, Inc
Since 2007, Active Soft, Inc.
Funding
Current Stage
Growth Stage