
Lead Cybersecurity Engineer – Application Security, Dynamic, Runtime, API Security
AT&T
full-time
Location Type: Office
Location: Bedminster • New Jersey • North Carolina • United States
Salary
💰 $128,400 - $192,600 per year
About the role
- You will own and scale dynamic security capabilities across the Software Delivery Lifecycle (SDLC) and production, with a strong emphasis on: DAST automation and integration into CI/CD pipelines, RASP and in-process runtime protection, and API Security engineering for internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery.
- Focus on active defense for web applications and APIs through a combination of security testing, runtime instrumentation, and API protection.
- Help design and mature security programs that combine dynamic application and API testing to identify exploitable vulnerabilities, logic weaknesses, and misconfigurations as early as possible.
- Implement AI-enabled workflows to reduce false positives, improve triage efficiency, and accelerate remediation.
- Partner with API gateway and edge teams to implement and tune security controls such as schema/contract validation, request filtering, threat protections, rate limiting, and throttling.
- Deploy, configure, and tune runtime security solutions (such as RASP) integrated into application runtimes to monitor execution and defend against attacks in production.
- Collaborate closely with developers and architects to ensure runtime protections complement, rather than replace, secure design and code-level fixes.
- Build and maintain metrics that reflect meaningful security outcomes.
Requirements
- 5+ years (or equivalent) of experience in application security, product security, offensive security, or secure software engineering with strong hands-on technical depth.
- Strong hands-on experience in web application and API security, including vulnerability identification, exploit validation, remediation support, and secure design considerations.
- Demonstrated ability to evaluate, implement, and operationalize AI-assisted security tooling/workflows (build vs. buy), with a focus on measurable improvements in signal quality, coverage, and remediation efficiency.
- Demonstrated experience scaling DAST and automated dynamic testing, including authenticated scanning, scan tuning, and CI/CD integration.
- Strong expertise in API security, including OAuth2/OIDC, JWT, API gateways, authorization testing, and testing techniques for REST and GraphQL APIs.
- Practical experience implementing and tuning RASP or similar in-process runtime protections in production environments.
- Deep understanding of the OWASP Top 10 and OWASP API Security Top 10, especially authorization failures (BOLA/BFLA), injection, SSRF, deserialization, security misconfiguration, and business logic abuse.
- Ability to write code and build technical solutions to automate workflows, develop integrations, create test harnesses/utilities, or build lightweight internal security tools when needed.
- Proficiency in one or more scripting/programming languages such as Python, Go, JavaScript, or Bash, with demonstrated ability to apply coding skills to security engineering problems.
- Strong understanding of modern application architectures, including APIs, microservices, cloud-native design patterns, authentication flows, and runtime environments.
- Working knowledge of cloud-native platforms and production concepts (containers, Kubernetes, observability/logging/tracing), with the ability to use that knowledge in support of application security engineering.
- Strong communication skills and the ability to translate security findings into clear, prioritized engineering actions for developers and stakeholders.
Benefits
- Medical/Dental/Vision coverage
- 401(k) plan
- Tuition reimbursement program
- Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
- Paid Parental Leave
- Paid Caregiver Leave
- Additional sick leave beyond what state and local law require may be available but is unprotected
- Adoption Reimbursement
- Disability Benefits (short term and long term)
- Life and Accidental Death Insurance
- Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
- Employee Assistance Programs (EAP)
- Extensive employee wellness programs
- Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
DAST automation, API Security engineering, runtime application self-protection (RASP), vulnerability identification, exploit validation, secure design, AI-assisted security tooling, automated dynamic testing, OAuth2, OWASP Top 10
Soft Skills
strong communication skills, collaboration, problem-solving, ability to translate security findings