Senior Application Security Developer/Engineer

  • Sector:

    Software Engineering

  • Salary:

    Market Competitive d.o.e.

  • Contact:

    Tom Layzell

  • Job ref:

    TL 20/1

Job Description:

Our client, a global Tier 1 bank, is looking to source a Senior Application Security Developer/Engineer, located in their Denver offices. The Cyber Security Technology (CST) function within Global Information Security is responsible for innovation, architecture, engineering, solutions and capabilities development, deployment, maintenance and support of information technology security controls. The CST team is also responsible for the management of the program/project management teams.


Job Preparation:


There are two demonstrated success paths to this role:


Application Developer:

The ideal candidate is a top performer in an enterprise Application Development role who has professional exposure to Application Security and/or has taken demonstrable steps to move into an application security role. Exposure can be in the form of exercising AppSec products or remediating results from a central security group's assessment of their application. Candidates must have current practitioner-level skills in enterprise-level SDLC tools and processes.


Application Security Engineer:

This candidate has dedicated security experience, either embedded in an application development organization or in a central security group. They have been directly responsible for working with developers to remediate code vulnerabilities from SAST, DAST and/or IAST results. Candidates will have team experience in selecting, implementing and managing application security tools on an enterprise scale.


Required Skills:

  • .NET or Java Web Application development on an enterprise scale
  • Code review practice, functional and quality focus
  • Technical leadership in design, development and/or support
  • Application/product management experience
  • Software testing, QA or security leadership
  • Utilization of APIs such as RESTful Services
  • Scripting ability in Python or similar language


Desired Skills:

  • Vulnerability rating and analysis (CVE, CVSS, CWE ratings) utilization
  • Proficiency with a static analyzer such as Checkmarx, Fortify SCA or Coverity
  • Understanding of application security vulnerabilities and preventions
  • CISSP, GISSP or other relevant secure coding certification(s)
  • iOS or Android Mobile application development for consumer applications
  • Technical specification development, both internally and for vendor software
  • Threat modeling of application architecture
  • Business experience in and/or supporting the financial sector
  • Security vulnerability assessment techniques during design, development, and testing
  • Operation of enterprise policy and standards for technologies and development
  • Engagement of key stakeholders, both technical and senior leadership


Preferred Experience Level:

  • 5 plus years of experience with public internet web and/or consumer mobile development
  • 2 years of experience involved in testing, QA or security-related activities (can be concurrent)
  • Bachelor’s Degree in Computer Science, Engineering or equivalent experience