Location:Irving, TX/ Iselin, NJ/ Charlotte, NC - Hybrid Role
FTC/FTE Role
Job Description: We are looking for someone who has Application Security experience, has worked closely with software developers, has conducted threat modeling and secure coding activities, has integrated security tools into CI/CD pipelines, and ideally has built or led a Security Champions Program or Community of Practice. Leadership, enablement, training, and influencing engineering teams matter more than deep penetration testing or network security experience.
Here are some key points that can help you spot a good candidate for this role:
Must-Have Experience Areas
Confirm the candidate has experience in at least 4–5 of these areas:
| Area | Required |
| --- | --- |
| Application Security | Yes |
| Threat Modeling | Yes |
| Secure Coding | Yes |
| Developer Coaching | Yes |
| Security Testing Tools | Yes |
| CI/CD Security | Yes |
| Security Governance | Preferred |
| Security Champion Program | Strongly Preferred |
| Compliance Reporting | Preferred |
| Metrics & Dashboards | Preferred |
1. Must-Have Resume Keywords
A strong resume should contain several of these terms:
Application Security
• Application Security (AppSec)
• Secure SDLC (SSDLC)
• Secure Development Lifecycle
• DevSecOps
• Secure Design
• Secure Coding
• Security Architecture
• Security Review
Threat Modeling & Developer Coaching
• Threat Modeling
• STRIDE
• Security Champions
• Developer Enablement
• Security Training
• Secure Coding Training
• Security Awareness
• Coaching Developers
• Security Workshops
CI/CD & Automation
• CI/CD Security
• DevSecOps
• Security Gates
• Pipeline Security
• Compliance Automation
• Security Controls
• Continuous Security Testing
Security Testing Tools
• SAST
• DAST
• SCA
• Static Analysis
• Dynamic Testing
• Software Composition Analysis
• Vulnerability Management
Governance & Metrics
• Security Metrics
• KPIs
• Dashboards
• Compliance Reporting
• Risk Management
• Risk Register
• Governance
• Security Controls
Collaboration
• Cross-Functional Leadership
• Stakeholder Management
• Program Management
• Change Management
• Community of Practice (CoP)
• Security Champion Program
________________________________________
2. Tools That Should Appear on Resume
Look for at least some of these:
SAST
• Checkmarx
• Veracode
• Fortify
• SonarQube
• Coverity
DAST
• Burp Suite
• AppScan
• WebInspect
SCA
• Black Duck
• Snyk
• Mend (WhiteSource)
CI/CD
• Jenkins
• GitHub Actions
• GitLab CI/CD
• Azure DevOps
Dashboards
• Power BI
• Grafana
• Splunk
Collaboration
• ServiceNow
• Confluence
• Jira
• Microsoft Teams
________________________________________
3. High-Value Phrases
These are the phrases that should immediately catch your attention:
• "Built Security Champion Program"
• "Led Application Security Community of Practice"
• "Coached development teams on secure coding"
• "Conducted threat modeling sessions"
• "Integrated security controls into CI/CD pipelines"
• "Established AppSec KPIs and dashboards"
• "Drove security adoption across engineering teams"
• "Partnered with application owners to remediate vulnerabilities"
• "Performed secure code reviews"
• "Developed AppSec training curriculum"
• "Enabled security adoption across multiple business units"
• "Acted as liaison between development and security teams"
________________________________________
5. Red Flags (Reject or Lower Priority)
Pure Infrastructure Security
Resume focused mainly on:
Not a fit.
Pure Vulnerability Management
Only:
Not enough AppSec depth.
Pure Penetration Tester
Only:
May lack program leadership and developer enablement.
Pure DevOps Engineer
Only:
Need AppSec ownership and security leadership.
6. Certifications to Prioritize
Strong:
Good:
Nice to Have: