885 IT & Software Developer jobs in the US
C / C++ Developer Jobs in the US
C / C++
.NET Developer Jobs in the US
C#.NET
Data Science & Engineering Jobs in the US
Data
Golang Developer Jobs in the US
Golang
Java Developer Jobs in the US
Java
JavaScript Developer Jobs in the US
JavaScript
Mobile app Developer Jobs in the US
Mobile
PHP Developer Jobs in the US
PHP
Python Developer Jobs in the US
Python
Ruby on Rails Developer Jobs in the US
Ruby
SAP Developer Jobs in the US
SAP
System Engineer Jobs in the US
System
DevOps Engineer Jobs in the US
DevOps
IT & ICT Jobs in the US
IT
Database Developer Jobs in the US
Database
QA, Software Tester Jobs in the US
QA, Test
Machine-Learning Developer Jobs in the US
ML, AI
Security Engineer Jobs in the US
Security
Network Engineer Jobs in the US
Network
GameDev Developer Jobs in the US
GameDev
Blockchain Developer Jobs in the US
Blockchain
UI / UX Designer Jobs in the US
UX, UI
Architect Specialist Jobs in the US
Architect
Product / Project Manager Jobs in the US
Business
IT Management Jobs in the US
Manager
IT Support Jobs in the US
Support
Rust Developer Jobs in the US
Rust
Hardware Engineer Jobs in the US
Hardware
No-Code Developer Jobs in the US
No-Code

Be among the first 5 applicants!
Cox Automotive jobs

Senior Application Security Engineer

$119,600 - 199,400
Cox Automotive
Peachtree Dunwoody Road 6205, Atlanta
$119,600 - 199,400
Company Size icon
Company Size
5k+
Company Type icon
Company Type
Services
Exp Level icon
Exp Level
Lead
Job Type icon
Job Type
Full-Time
Language icon
Language
English
Visa sponsorship icon
Visa sponsorship
No

Requirements

Must:
- I hold a Bachelor's degree in a related field with 6 years of experience in a relevant area. I could also have a Master's degree with 4 years of experience, a Ph.D. with 1 year of experience, or 18 years of experience in a related discipline. - I possess at least 2 years of experience in Application/Product security or software engineering with a strong emphasis on security. - I have hands-on experience with modern SDLC/DevSecOps in cloud-native environments, including microservices, APIs, containers/Kubernetes, serverless technologies, Infrastructure as Code (IaC) such as Terraform/CloudFormation/ARM/Bicep, and CI/CD integration. - I am practically skilled in operating and tuning SAST, DAST, SCA, API testing, and IaC/container scanners, plus utilizing CNAPP in multi-cloud environments. - I am proficient in scripting and automation, preferably using Python, and have skills in PowerShell/Bash, including REST API integration. - I possess in-depth knowledge of OWASP Top 10, ASVS, SAMM, NIST SSDF, CSA CCM, secure design patterns, cryptography fundamentals, authentication/authorization (OAuth2/OIDC/JWT), and common web/API vulnerabilities and their mitigations. - I have experience managing responsible disclosure or bug bounty reports and effectively driving coordinated remediation with product teams. - I am an effective communicator who can simplify complex risks for engineers and leadership, demonstrating a bias for action and measurable outcomes. - I have familiarity with software supply chain security, including SBOMs, signing, provenance, dependency risk, and runtime protection tools like RASP, WAF/WL, and EDR for containers. - I have a strong understanding of cloud architecture and infrastructure. - I am adept at collaborating with AI agents to build, test, and deploy software across the SDLC, optimizing contextual inputs to enhance AI understanding and quality of output. - I can implement AI-powered features and pipelines in our software, contribute to prompt engineering experimentation, share insights on tool usage, and define coding standards, review practices, and ethical guidelines for AI utilization. - I have the capability to mentor peers and guide junior team members on AI-augmented development.

Technologies

AI
API
ARM
AWS
Azure
Bash
CI/CD
Cloud
Cryptography
DevSecOps
DevOps
GCP
GitHub
GitLab
Support

Responsibilities

- I will operate, manage, and continually enhance our off-the-shelf AppSec and CloudSec tools, overseeing WAF infrastructure management, user onboarding, policy/configuration, and integrations. - I will assess and manage vulnerabilities across various sources, including SAST, DAST, SCA, API, IaC, and CSPM, while leading reviews on false positives and maintaining strong audit trails. - I will collaborate with Cloud Platform teams to reinforce AWS/Azure/GCP environments through CSPM/CNAPP controls, guardrails, and baselines, while advising on secure patterns for serverless, containers/Kubernetes, and secrets management. - I will support system administration, configuration, and maintenance for the AppSec/CloudSec/WAF toolset, including identity/roles, agent health, connectors, backups, upgrades, and disaster recovery testing. - I will regularly assess security tools to ensure we are employing the most effective toolset that meets the organization's needs. - I will serve as the first point of triage for Responsible Disclosure submissions, reproducing issues, determining severity and impact, assigning ownership and SLAs, and tracking them to resolution. - I will ensure consistent communication with Responsible Disclosure reporters and internal stakeholders, maintaining accurate records for compliance purposes. - I will utilize scripting and automation (Python, PowerShell, Bash, REST APIs, Terraform modules, GitHub Actions/Azure DevOps/GitLab CI) for ad hoc fixes and to minimize manual effort. - I will act as a stakeholder in designing Secure Pipelines to be implemented by the Security Engineering Enablement team.

Description


Preferred skills include experience in WAF engineering, particularly with policy design, tuning, false positive management, bot/rate limit controls, logging/observability, and blue/green rollout. Certifications such as CISSP, CSSLP, GWAPT, GCSA, and security certifications from GCP/AWS/Azure are advantageous. Experience with API security (OWASP API Top 10), proactive threat response, and Responsible Disclosure workflows is also a plus. The annual compensation for this position ranges from $119,600.00 to $199,400.00. The base salary may vary within this range depending on the candidate’s location and their knowledge, skills, and abilities. This position may also qualify for additional compensation, which could include an incentive program. As a company, we offer eligible employees the flexibility to take paid vacation time as they see fit, along with seven paid holidays throughout the year and up to 160 hours of paid wellness leave annually for personal or family wellness. Employees are also entitled to additional paid time off for bereavement, voting, jury duty, volunteering, military service, and parental leave.
Something wrong or incorrect with this job? Tell us in the chat 💬 on the right ➡️

IT & Software developer jobs in the USSecurity Engineer jobs in the USSecurity Engineer jobs Atlanta, GA
You can find Cyber Security Engineer salaries in the United States here.

How many Cyber Security Engineer jobs are in the United States?

Currently, there are 885 Security openings. Check also: IAM jobs, SAML jobs, Cisco jobs, Splunk jobs - all with salary brackets.

Is the US a good place for Cyber Security Engineers?

The US is one of the best countries to work as a Cyber Security Engineer. It has a vibrant startup community, growing tech hubs and, most important: lots of interesting jobs for people who work in tech.

Which companies are hiring for Cyber Security Engineer jobs in the United States?

Sperasoft, Bain Magique, Archon Systems Inc, Journey Freight International inc, Puter Technologies Inc., Ontario One Call, HAPLY Robotics Inc. among others, are currently hiring for Security roles in the United States.

The company with most openings is Leidos as they are hiring for 88 different Cyber Security Engineer jobs in the United States. They are probably quite committed to find good Cyber Security Engineers.