What are the responsibilities and job description for the Lead Application Security Engineer position at Westfield?

The Lead Application Security Engineer will be a core member of the Threat and Vulnerability Management (TVM) team. The role will be responsible for supporting the organization's Application and API Security Program. This individual will lead efforts to identify, assess, and mitigate vulnerabilities across applications and APIs, delivering strategic guidance while collaborating closely with IT, Asset and Application Owners, and Senior Information Security Leadership to drive security initiatives.

Corporate-wide Application Security and TVM security initiatives.
Assessing IT and cybersecurity risks related to applications and identifying emerging application security threats.
Managing, maintaining, and administering tools utilized for application security, including static and dynamic analysis tools.
Maintains expert knowledge of security frameworks and standards – Ensures application security practices align with industry standards, such as OWASP, NIST, and CIS controls, and incorporates these into security policies and procedures.
Conducts comprehensive application security assessments – Performs in-depth security testing and code reviews on new and existing applications to identify vulnerabilities and provides recommendations for remediation.
Collaborates with IT and development teams – Works closely with development and DevOps teams to implement secure coding practices, communicates application-related risks, and supports efforts to secure the application lifecycle.
Advises business units on application security controls – Partners with various business units to ensure application security controls are robust, appropriate, and effective, aligning security initiatives with business objectives.
Participates in security planning and strategy sessions – Actively contributes to security-related meetings, project teams, and workgroups, offering expertise and strategic input on application security initiatives.
Supports compliance and audit efforts – Assists with internal and external security audits, ensuring applications comply with regulatory requirements and industry standards.
Promotes a strong security culture – Advocates for application security awareness and best practices throughout the organization, fostering a proactive approach to secure development.
Develops and delivers application security reports – Prepares and presents reports on application security findings, offering insights and recommendations to stakeholders.
Monitors and adapts to evolving security trends and regulations – Keeps abreast of new regulatory requirements, application security trends, and technology developments to inform and adjust security practices accordingly.
Occasional travel for special assignments and professional development – Participates in specialized training, conferences, or office visits as needed to support application security objectives and team development.

Qualifications

5 years of experience in information technology or information security, with a focus in one or more of the following areas :

Application Security

Offensive Security

Secure Software Development

Excellent written and oral communication skills, including the ability to :

Deliver messages in a clear, compelling, and concise manner.

Articulate complex security concepts in a way that is understandable by both technical and non-technical audiences.

Tailor communication content and style to meet the needs of diverse stakeholders.

Actively listen and ensure understanding across all parties.

Strong analytical, critical thinking, and problem-solving skills – Able to approach challenges creatively and develop effective solutions for application security.

Proven ability to collaborate with both technical and non-technical teams – Skilled in working tactfully with business stakeholders, developers, and IT resources to achieve security goals.

Keen attention to detail – Demonstrates accuracy and thoroughness in all work, with a commitment to verifying results and following through on tasks.

Experience with application security tools (e.g., Snyk, Burp Suite, Checkmarx, Veracode, OWASP ZAP) and familiarity with static and dynamic application security testing (SAST / DAST) methodologies.

Bachelor's degree in computer science, information technology, cybersecurity, or a related field, or equivalent work experience.

Desired but not required certifications : Security-focused certifications such as CISSP, CEH, GWAPT, OSCP, or similar industry-recognized credentials.

Familiarity with industry-standard frameworks and best practices – Understanding of OWASP Top Ten, NIST, or other security frameworks relevant to application security.

Applicants must be currently authorized to work in the United States on a full-time basis.

Location

Hybrid defined as three (3) or more days per week in the office

Behavioral Competencies

Collaborates

Communicates Effectively

Customer Focus

Decision Quality

Nimble Learning

Apply for this job

Receive alerts for other Lead Application Security Engineer job openings

Lead Application Security Engineer

What are the responsibilities and job description for the Lead Application Security Engineer position at Westfield?

What is the career path for a Lead Application Security Engineer?

Job openings at Westfield

Not the job you're looking for? Here are some other Lead Application Security Engineer jobs in the Westfield, OH area that may be a better fit.

We don't have any other Lead Application Security Engineer jobs in the Westfield, OH area right now.

AI Assistant is available now!