Cyber Security Engineer
Role summary
This Lead Application Security Engineer role is with a global leader in automotive technology and digital retail solutions. The engineer will be the technical authority in a security Center of Excellence, responsible for securing a large cloud-native ecosystem. Key responsibilities include designing and implementing secure pipelines, providing developer security coaching, architecting cloud security controls like WAF and CSPM, and managing the responsible disclosure program. The role requires deep expertise in cloud platforms (AWS, Azure, GCP), DevSecOps practices, Python automation, and various security standards and tools.
Lead Application Security Engineer
We're working with a global leader in automotive technology and digital retail solutions on this exciting opportunity.
As the Lead AppSec Engineer, you will serve as the technical authority within a security Center of Excellence, securing a massive cloud-native ecosystem. You’ll blend deep security expertise with modern DevSecOps, leveraging Python automation and AI-augmented tools to harden pipelines and protect critical infrastructure across AWS, Azure, and GCP.
The Role
• Lead the design and implementation of Secure Pipelines, integrating SAST, DAST, SCA, and API security controls into modern CI/CD workflows using GitHub Actions and Azure DevOps.
• Drive "fix-first" coaching by providing developer-centric remediation guidance, code examples, and security consultation via Office Hours and Brown Bags.
• Architect and manage enterprise WAF infrastructure and Cloud Security Posture Management (CSPM) to harden serverless, containerized (Kubernetes), and IaC environments.
• Act as the primary responder for the Responsible Disclosure program, triaging bug bounty submissions and coordinating remediation with product teams.
• Leverage Python, Terraform, and REST APIs to automate security workflows, reducing toil through custom tooling and pipeline integrations.
What You'll Need
• 6+ years of IT experience with at least 2 years dedicated to Application Security, Product Security, or high-level Software Engineering with a security focus.
• Mastery of modern cloud architectures (AWS/Azure/GCP) including containers, Kubernetes, serverless, and Infrastructure as Code (Terraform, Bicep, or CloudFormation).
• Deep technical knowledge of the OWASP Top 10, ASVS, OAuth2/OIDC, and software supply chain security (SBOMs and dependency risk).
• Proficiency in Python scripting and REST API integration to build automated security utilities and "quick-fix" tools.
• Experience with AI-augmented development, using context-aware prompts and AI agents to improve software quality and security deployments.
What's On Offer
• Highly competitive salary range of $122,600 - $204,400 based on experience and impact.
• Exceptional flexibility with a "take what you need" paid vacation policy and 160 hours of annual paid wellness time.
• Opportunity to lead a high-visibility Center of Excellence within a massive enterprise environment.
• Robust benefits including 7 paid holidays, volunteer time off, and comprehensive parental leave.
Apply via Haystack today!