Application Security Automation Engineer

Hybrid work model: 2 days/week in office.

Responsibilities

Lead end-to-end SAST operations, including intake/scoping, onboarding, configuration, execution, triage, and reporting across diverse technology stacks.
Tune scan tools to reduce false positives and improve signal quality; provide secure code review and root-cause analysis support to development teams.
Contribute to other testing programs (SCA, DAST) and integrate them into CI/CD workflows as needed to support scan readiness, coverage validation, and triage of results.
Evaluate and adopt AI-assisted capabilities in security scanning/testing tools to improve triage speed, consistency, and remediation guidance.
Assess the security implications of LLM-enabled features on application threat models and emerging risks, e.g. supply chain integrity, prompt-driven workflows, RAG pipelines.
Identify gaps through risk-based assessments; recommend corrective actions for vulnerabilities and weaknesses; and support planning, tracking, and risk acceptance processes in alignment with regulatory expectations.

Qualifications

Bachelor's degree in a relevant discipline (Computer Science, Engineering, Math, Cyber Security).
Typically 5-7 years of relevant experience as a SAST/Automation Engineer, including experience integrating SAST into pipelines.
5+ years of hands-on experience with static source code analysis (SAST) tools and dynamic application security testing (DAST) tools.
Strong knowledge of common coding languages (e.g. C#, Java, JavaScript, TypeScript, Python) and the ability to read and write code with minimal oversight.
5+ years of scripting/automation experience (e.g. Python, Node.js, Bash) to integrate testing and repeatable checks into engineering workflows.
Working knowledge of the OWASP Top 10 and the OWASP Testing Guide, or other secure coding frameworks, e.g. the NIST Cyber Security Framework (CSF).
Solid understanding of secure coding frameworks and secure code reviews, code-scanning software and vulnerability code-scanning processes, network protocols and connectivity, and risk-based assessment approaches.
Understanding of information security risk and regulatory requirements.
Exposure to securing LLMs and deploying LLMs in a secure fashion.
Cybersecurity certification (CISSP, CSSLP, OSCP, GSEC, etc.) is an asset.
Experience contributing to SOPs, reusable templates, or security testing playbooks.
Self-motivated with a positive attitude and an ability to work independently and in a team.

Salary

$82,800.00 - $154,800.00 (Salaried). The range may vary based on location, skills, experience, education, and qualifications for the role, and may include performance-based incentives, discretionary bonuses, or other compensation.

Benefits

Health insurance
Tuition reimbursement
Accident and life insurance