[Remote] Lead Application Security Engineer

Note: The job is a remote job and is open to candidates in USA. California Correctional Health Care Services is seeking a highly skilled Lead Application Security Engineer to help secure business-critical web applications and emerging AI-enabled applications. In this role, you will work closely with developers and technology leaders to identify risks and improve secure development practices.

Responsibilities

• Lead application security initiatives using Secure SDLC, threat modeling, OWASP, AI TRiSM and NIST best practices
• Perform application security architecture reviews, application code reviews, vulnerability assessments, and application penetration testing activities
• Drive BRD, TDD, SDD, design, and code reviews with a security-risk lens; estimate effort for SAST, DAST, IAST, and application penetration-testing initiatives
• Own and advance AI powered application security strategy to safeguard applications, micro-segmentation, microservices, APIs, and UI components
• Execute Quality Agile + DevSecOps transformation activities to improve end-to-end application security across the enterprise
• Perform application vulnerability exploitation, application security audits, and application penetration testing to identify and mitigate high-risk exposures

Skills

• 5+ years of application security experience, including securing applications with privacy, and regulatory compliance (PII, PHI, PCI)
• Hands-on experience with SAST, DAST, IAST, application penetration testing, and fuzz testing tools used by ethical hackers for the AI era
• Exposure to one or more application development frameworks: C#, .NET, Java, jQuery, AngularJS, ReactJS, GraphQL, Web APIs/Services, XML and Agentic AI
• Strong knowledge of application threat modeling, continuous protection via RASP, ADR or unified security platform and AI Security methodologies
• Ability to research emerging application security technologies, zero-day vulnerabilities, AI TRiSM framework and best practices
• Experience securing Web, Cloud, Agentic AI applications and Ethical Hacking, or Application PenTest certifications are a plus
• Experience implementing application security controls and application security testing solutions through the software development lifecycle – Secure SDLC
• Working knowledge of JIRA or similar defect-tracking systems and Work Breakdown Structures
• Excellent communication, presentation and collaboration skills

Benefits

• Health Benefits Program (CalPERS)
• Retirement (CalPERS)
• Employer Health and Consolidated Benefits Contributions
• Dental, Vision
• 401(k) and 457 Deferred Compensation Plans
• Employee Assistance Program
• Group Legal Services Insurance
• Holidays, Vacation/Sick/Other Paid Leave
• Flex Elect Reimbursement Program
• Wellness and Recognition
• Alternate Work Schedules
• Transit Pass Program
• Tuition Reimbursement
• Dependent Scholarship Program
• Leadership Training
• Mentoring Program

Company Overview