This role focuses on identifying, analyzing, and mitigating application security vulnerabilities throughout the SDLC. It supports a broader "Shift Left" cybersecurity strategy, ensuring security is integrated early in development and reinforced through DevSecOps practices.
Key Responsibilities:
Application Security & Testing
Perform security testing: SAST, DAST, IAST, mobile security, and dynamic testing
Analyze vulnerabilities and recommend secure coding fixes
Demonstrate vulnerabilities to development teams
Drive remediation efforts to closure
DevSecOps & Tooling
Work within CI/CD pipelines using tools such as:
Jenkins, GitLab, GitHub Actions, TeamCity
Checkmarx, GitHub Advanced Security, Burp Suite
Integrate security controls into development workflows
WAF & Security Controls
Lead Web Application Firewall (WAF) deployment for new and existing apps
Implement application security policies, controls, and standards
Collaboration & Enablement
Partner with development, platform, and supplier teams
Provide clear remediation guidance
Train teams on secure coding and application security practices
Develop training materials
Assessment & Reporting
Conduct security assessments using standard tools
Track and report:
Risks
Milestones
Deliverables
Status updates
Recommend strategies based on application risk posture
This role is based in Auburn Hills, MI and is required to be on-site in our HQ building 5 days per week.
Basic Qualifications:
*
Bachelor's degree in Computer Science, Information Technology, or related field
*
3+ years of hands-on experience in application security, security testing, and DevSecOps
*
Strong understanding of:
Application architectures (web, mobile, APIs)
Software development methodologies (Agile, SDLC)
Modern programming languages (Java, C#, Python)
Experience performing and interpreting results from:
SAST, DAST, IAST, SCA, and mobile security testing tools
Hands-on experience with secure code review in common languages (Java, C#, Python preferred)
*
Prior background in application development, including:
Compiled code
Web applications / services
Mobile app development
Knowledge of security frameworks and standards:
NIST, ISO 27001
NIST SSDF or similar secure development frameworks
Strong understanding of:
OWASP Top 10 vulnerabilities and mitigation techniques
Common attack vectors (web exploits, DDoS, bot attacks)
Experience with WAF technologies:
Akamai, Cloudflare, AWS WAF, Azure Front Door
Familiarity with cloud platforms and modern environments:
AWS, Azure, GCP
Containers (Docker, Kubernetes)
Working knowledge of:
Programming/scripting: Java, JavaScript, SQL, HTML
Scripting languages (Python, Bash preferred)
Strong analytical, problem-solving, and communication skills
Ability to explain technical risks to non-technical audiences
Experience writing security reports and documentation
Ability to work independently and cross-functionally
Preferred Qualifications:
Industry certifications:
GIAC GWEB
ISC2 CSSLP
EC-Council CASE
Or equivalent AppSec certifications