Lead Application Security Engineer
Job in: Atlanta, Fulton County, Georgia, 30383, USA
Listed on: 2026-07-05
Listing for: Carter’s, Inc.
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity
Job Description & How to Apply Below
Location: Atlanta, GA
Time type: Full time
Posted on: Posted Today
Job requisition: JR59478
**Serving the needs of all families with young children,** Carter’s Inc. is the largest North American apparel retailer exclusively for babies and young children, encompassing Carter’s, OshKosh B’gosh, Skip Hop and Little Planet brands. Meaningful work, constant learning, genuine people, and a community guided by core values that promote inclusion and innovation are in everything we do. There are many reasons to build your career at Carter's.
## How you’ll make an impact:
The Lead Security Engineer – Application Security is a senior technical leader within the IT Security team, reporting to the Sr. Director, IT Security. This role serves as the primary architect and subject matter expert for application security across the enterprise, owning the AppSec program strategy, standards, and tooling roadmap. Working autonomously and with broad organizational influence, the Lead exercises expert-level judgment to define how security is built into software from the ground up.
A critical distinction of this role is hands-on experience with artificial intelligence: the Lead is expected to build, secure, and govern AI-powered capabilities as they become embedded in Carter’s applications and infrastructure. The Lead acts as a force multiplier – elevating the security posture of every engineering team they engage with and translating complex risk into clear, actionable direction for both technical and business stakeholders.
**Key Responsibilities**
Depending on the needs of the department, the duties of this role could include:
* **Application security, architecture & standards (25%)**
  + Defining and owning the enterprise application security architecture, standards, and secure-by-default patterns
  + Establishing and maintaining AppSec tooling strategy, evaluating vendors, and driving adoption across engineering teams
  + Leading threat modeling sessions for critical applications and new product features
  + Serving as the final technical authority on AppSec decisions, including security design reviews and architecture signoffs
* **Secure code review, API security & advanced testing (25%)**
  + Conducting and directing advanced secure code reviews, SAST/DAST assessments, and manual penetration testing across web, mobile, and API surfaces
  + Owning API security standards including REST and GraphQL, enforcing OWASP API Top 10 controls and authentication/authorization design patterns
  + Driving vulnerability triage, risk prioritization, and remediation accountability across development teams at scale
* **DevSecOps engineering & platform ownership (20%)**
  + Owning the DevSecOps toolchain: designing, deploying, and maturing security gates within CI/CD pipelines enterprise-wide
  + Acting as the primary security partner to engineering leadership, embedding security into system design, SDLC processes, and platform decisions
  + Driving continuous improvement of AppSec metrics, dashboards, and KPIs to demonstrate program maturity and risk reduction
* **AI security – build, secure & govern (20%)**
  + Hands-on building and deploying AI-powered security tooling and automation (e.g., AI-assisted code review, threat detection, or vulnerability triage)
  + Securing AI/ML integrations and connectors: assessing prompt injection, data leakage, model supply chain, and third-party AI service risks
  + Developing and enforcing AI governance policies: defining acceptable use, security review gates, and risk acceptance criteria for AI adoption
* **Risk governance, compliance & cross-functional leadership (10%)**
  + Representing the IT Security team in architecture reviews, cross-functional planning, and executive risk reporting
  + Owning security policy and standards documentation relevant to application security, AI use, and API governance
  + Leading AppSec representation in PCI-DSS, NIST, and OWASP compliance audits and evidence collection
**Travel Requirements**
Open to travel between various Carter's offices as needed
## We’d love to hear from you if: (Requirements section)
** Must…