More jobs:
Security Program Manager
Job in
Juneau, Juneau Borough, Alaska, 99812, USA
Listed on 2026-07-09
Listing for:
Openkyber
Part Time
position Listed on 2026-07-09
Job specializations:
-
IT/Tech
Cybersecurity
Job Description & How to Apply Below
AI - Application Security Engineer
Location:
Hybrid at EITHER New York NY Charlotte NC Duration: 6months, contract to hire. Hybrid role 3 days a week onsite General Information:
Job Description:
This role will be an integral component of the application security program end-to-end - from discovery and inventory of business unit applications, through tooling implementation, through embedding security and AI-assisted controls into business unit Dev Ops pipelines. This is as much a relationship and influence role as it is a technical role; success requires partnering effectively with Hearst subsidiaries. This is a hybrid on-site position, with a requirement to be in a Hearst office three times per week.
You'll Do
- Application discovery and inventory across all business units, including ownership mapping, technology stack profiling, and risk tiering.
- Standing up and operating the App Sec tooling stack - SAST, SCA, secrets scanning, and container/IaC scanning - integrated into business unit CI/CD pipelines.
- Designing and implementing AI-assisted triage workflows on top of App Sec tooling so that finding volume does not overwhelm developers and false positives are filtered before reaching engineering teams.
- Defining secure SDLC requirements, threat modelling practices, and security gates that business units adopt as part of their standard development process.
- Partnering with business unit development leaders to build the relationships and shared playbooks needed to operationalize App Sec without becoming a blocker to delivery.
- Contributing to AI security strategy - evaluating emerging tools (AI code review assistants, agentic security testing, automated security requirement generation) and recommending what to operationalize and what to defer.
- Producing executive-ready metrics and reporting that connect App Sec activity to business risk reduction.
- 7+ years in application security, product security, or security engineering, with at least 3 years in environments with multiple independent business units, brands, or product lines.
- Hands‑on experience deploying and operating modern App Sec tooling (e.g., Semgrep, Snyk, Checkmarx, Veracode, Apiiro, Ox Security, Git Hub Advanced Security).
- Working code‑level proficiency in at least three commonly‑used languages (e.g., Python, JavaScript/Type Script, Java, C#, Go) sufficient to read, review, and triage findings.
- Strong scripting and automation skills in Python or equivalent; comfortable building integrations against REST APIs and operating in CI/CD environments (Git Hub Actions, Git Lab CI, Jenkins, Azure Dev Ops).
- Demonstrated ability to influence engineering organizations without direct authority - negotiating standards, driving adoption, and partnering with development leaders.
- Practical understanding of OWASP Top 10, threat modelling methodologies (STRIDE, PASTA, or equivalent), and modern attack patterns including supply chain risks.
- Experience integrating LLM‑based tooling into security workflows (alert triage, finding summarization, remediation guidance generation).
- Familiarity with one or more compliance frameworks relevant to our environment (HITRUST, HIPAA, NIST AI RMF, SOC
2). - Prior experience working in a regulated or healthcare‑adjacent environment.
- Cloud security depth in at least one major provider (AWS, Azure, Google Cloud Platform).
- Public contribution to App Sec community - OSS, conference talks, published research, or detection/rule contributions.
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×