Information Security Engineer

Job Description

Pay Range: $134000yr - $170000yr

• The Application and Cloud Security Lead provides technical leadership within the cybersecurity team, overseeing application security and cloud security initiatives.
• This role is responsible for building and advancing secure software development practices, strengthening cloud security posture, and leading strategic security programs.
• The ideal candidate is a highly technical security professional with experience in secure coding, Dev Sec Ops , and cloud security architecture, capable of mentoring teams and driving enterprise‑level security improvements.

• Strong expertise in application security and cloud security.
• Experience building and leading application and/or cloud security programs.
• Hands‑on knowledge of secure software development lifecycle (SSDLC).
• Expertise with application security testing tools (SAST, DAST, IAST, SCA).
• Experience securing CI/CD pipelines and Dev Sec Ops  environments.
• Proven leadership and mentoring experience.

• Minimum 5+ years of progressive experience in application security, cloud security, or related cybersecurity roles.
• Experience leading complex security initiatives and strategic programs.
• Experience collaborating with development, Dev Ops, and operations teams.

• Design and lead application and cloud security programs aligned with business and security objectives.
• Lead engineers in executing strategic security roadmaps.
• Design, implement, and maintain advanced security controls for applications and cloud environments.
• Establish and maintain a secure software development lifecycle including threat modeling, secure coding standards, and testing practices.
• Drive implementation and management of Cloud Security Posture Management (CSPM) tools.
• Implement and integrate application security testing tools into development workflows.
• Conduct and oversee application and cloud security assessments, including penetration testing and code reviews.
• Provide technical leadership, guidance, and mentorship to security engineers.
• Embed security into Dev Ops workflows and promote a Dev Sec Ops  culture.
• Research, evaluate, and recommend new security technologies and methodologies.
• Respond to and lead remediation of complex application and cloud security incidents.
• Collaborate with vendors, partners, and stakeholders to align with industry best practices.
• Ensure security solutions are scalable, maintainable, and aligned with established frameworks.
• Perform other duties as assigned.

• Experience with modern architectures, including microservices, APIs, and containers.
• Knowledge of container and orchestration security (Docker, Kubernetes).
• Familiarity with infrastructure‑as‑code security practices.
• Experience participating in industry forums or regulatory discussions.

• Application security and secure coding practices.
• OWASP Top 10 and application security frameworks.
• Cloud platforms: AWS, Azure, or GCP.
• CSPM tools and cloud‑native security services.
• CI/CD pipeline security and Dev Sec Ops .
• Vulnerability management and threat modeling.
• Strong communication, leadership, and project management skills.
• Ability to translate technical risks to technical and non‑technical stakeholders.
• Proficiency with Microsoft Office (M365) tools.

• Bachelor’s degree in Information Security, Computer Science, or related field.
• Advanced degree or equivalent professional experience preferred.
• Relevant certifications preferred: CISSP, CCSP, CSSLP, cloud security certifications, or GIAC certifications.