What are the responsibilities and job description for the Senior Application Security Engineer position at Cox Automotive?

Join our team as a Senior Application Security Engineer, where your expertise will play a pivotal role in safeguarding our software development processes. In this position, you will evaluate secure coding practices for both custom and third-party software, assess container images, and conduct both manual and automated dynamic application security tests.

Utilizing your extensive knowledge in cybersecurity, you will ensure robust security measures throughout the software development lifecycle. This role involves securing Software as a Service (SaaS) through effective configuration management and employing web application firewalls to protect our websites and APIs. You will collaborate closely with cross-functional teams, sharing your insights and strategies to enhance our security posture.

You will report directly to the Senior Manager of Application Security at Cox Automotive and engage in a variety of responsibilities :

Implement and uphold secure coding standards throughout the software development workflow.
Conduct static software analysis, perform manual dynamic assessments, and execute software composition reviews.
Work closely with engineering teams to assess source code vulnerabilities and recommend actionable mitigation strategies.
Investigate and address emerging application security threats, implementing detection and protection methods.
Regularly refine and optimize secure coding detection mechanisms, such as Veracode policy settings.
Participate in security events and incident responses to identify weaknesses in current designs and propose preventive solutions.

Minimum Qualifications :

Bachelor's degree in a relevant discipline with a minimum of 6 years of experience; alternatives include a master's degree with 4 years of experience, a Ph.D. with 1 year of experience, or 10 years of equivalent experience.

At least 4 years of dedicated experience in cybersecurity.

Practical experience in static source code analysis, dynamic application security testing, and software composition analysis.

Familiarity with security testing tools like Veracode, Fortify, BurpSuite, and Wiz.

Ability to communicate complex cybersecurity policies clearly to both technical and non-technical audiences.

Strong customer service demeanor, along with effective writing and presentation skills.

Capability to develop productive relationships with stakeholders and collaborate with other cybersecurity teams.

Consultative skills to navigate complex or controversial topics with employees and leadership.

Risk assessment proficiency and informed decision-making capabilities.

Proficiency in Python, and familiarity with at least one other programming language (C#, Go, PHP, Java, or JavaScript).

Understanding of modern cybersecurity architectures including zero trust, IaaS, PaaS, SaaS, and containerization.

Solid knowledge of cloud container operations and serverless platforms (e.g., EKS, ECS, Lambda).

Creative problem-solving skills in addressing complex cybersecurity challenges.

Experience working with Agile methodologies and DevSecOps practices.

Ability to drive change and implement solutions within Fortune 1000 companies.

Familiarity with cybersecurity frameworks (e.g., ISO 27000, NIST) and compliance regulations (e.g., GDPR).

Preferred Qualifications :

Extensive technical knowledge in areas such as .NET framework, Mono, Spring frameworks, and Oracle.

Experience with cloud infrastructures (AWS, GCP, Azure) and on-premises environments.

Expertise in developing cybersecurity standards across various hosting and application stacks.

Relevant experience in network security and software-defined networking.

Knowledge of Identity and Access Management (IAM) and security protocols (e.g., MFA, SAML, OAuth).

Experience with firewall implementations and deep understanding of network architectures.

AWS Well-Architected Framework knowledge.

Experience in critical infrastructure sectors (telecommunications, finance).

Background with big four consulting firms or Fortune 500 companies.

Relevant industry certifications (e.g., CISSP, CEH, OSCP).

Salary range for this position is $119,600.00 - $199,400.00 per year, which may vary based on factors such as location and the candidate's skills and experience. Additional compensation may include incentives.

At Cox Automotive, we believe in the potential of every person and the power of innovation. Join us to drive your career forward and contribute to shaping the future of mobility.

Our workplace is inclusive, and we value diversity. At Cox, we celebrate differences and encourage all individuals to apply.

Salary : $119,600 - $199,400

Apply for this job

Receive alerts for other Senior Application Security Engineer job openings

Senior Application Security Engineer

What are the responsibilities and job description for the Senior Application Security Engineer position at Cox Automotive?

What is the career path for a Senior Application Security Engineer?

Job openings at Cox Automotive

Not the job you're looking for? Here are some other Senior Application Security Engineer jobs in the Riverdale, GA area that may be a better fit.

We don't have any other Senior Application Security Engineer jobs in the Riverdale, GA area right now.

AI Assistant is available now!