Senior Application Security Engineer
Role summary
The Senior Application Security Engineer will lead DevSecOps integration by embedding security tools and practices into CI/CD pipelines, defining secure coding standards, and conducting threat modeling and risk assessments. This role requires deep expertise in secure software design, enterprise application security controls, and CI/CD security integration. The engineer will also provide technical leadership, mentorship, and drive vulnerability management and secure architecture decisions. Proficiency in programming languages and modern application architectures is essential. Preferred qualifications include cloud security experience, familiarity with SDLC governance, and experience with specific security tools.
Job Title: Senior Application Security Engineer
Division/Department: CC1302 IT Information Security
Location: Chicago, IL
Lead DevSecOps integration by embedding SAST, SCA, DAST, IaC, and container security into CI/CD pipelines with automated quality gates and risk-based controls.
Define and enforce secure coding standards & governance, ensuring secure-by-default practices and audit-ready SDLC processes.
Conduct advanced code reviews, threat modeling, and risk assessments, delivering actionable remediation guidance for complex applications.
Provide technical leadership & mentorship, driving vulnerability management, secure architecture decisions, and a strong security culture.
Qualifications
6–8 years of experience in application security, software engineering, product security, or DevOps with a strong security focus, consistent with senior engineer expectations.
Deep expertise in secure software design principles, threat modeling methodologies, and enterprise application security controls.
Extensive experience with CI/CD security integration and DevSecOps tooling (SAST, SCA, DAST, secrets management, container security).
Demonstrated experience performing and leading secure code reviews and providing actionable remediation guidance.
Proficiency in one or more programming languages (e.g., Java, C#, Python, TypeScript) and familiarity with modern application architectures (microservices, containers, APIs, cloud-native).
Preferred Qualifications
Experience designing or evaluating secure architectures in cloud platforms such as AWS or Azure, aligned with senior engineering expectations in other Bank roles.
Familiarity with enterprise SDLC governance, Agile methodologies, and security-by-design frameworks.
Prior experience leading large-scale DevSecOps initiatives or maturing application security programs.
Relevant certifications such as CISSP, CSSLP, GWEB, or cloud security certifications.
Experience with Checkmarx, Prisma Cloud, JFrog Xray, or similar tools.
Experience with common programming languages including C#, Java, and YAML.
Core Competencies
Advanced problem-solving and analytical capabilities.
Ability to communicate complex security concepts to technical and non-technical audiences.
Strong collaboration and influence skills; able to drive alignment across engineering, cloud, risk, and security teams.
Demonstrated commitment to continuous improvement, engineering excellence, and secure software delivery.