Application Security Lead Specialist

Job Title: Application Security Lead Specialist Location: Huntsville, Alabama Experience: 12+ Years Employment Type: Contract Interview Type: In-Person or Webcam Job Description We are seeking an experienced Application Security Lead Specialist with strong expertise in security architecture, secure software development, vulnerability management, and risk mitigation for enterprise applications. The ideal candidate will lead application security practices, collaborate with engineering teams, and implement best-in-class security controls across the SDLC. Key Responsibilities Lead the application security program and define security standards, policies, and best practices. Perform security architecture assessments, threat modeling, and design reviews for new and existing applications. Conduct secure code reviews, penetration testing, vulnerability scanning, and analysis of security findings. Collaborate closely with development, DevOps, QA, and product teams to integrate security into the SDLC. Manage and prioritize remediation of vulnerabilities and guide engineering teams on mitigation strategies. Drive implementation of security automation and tooling across CI/CD pipelines. Evaluate and integrate third-party security technologies and frameworks. Prepare security documentation, risk assessments, and executive-level reporting. Train internal teams on secure coding practices and application security awareness. Ensure compliance with security and regulatory requirements such as NIST, ISO, FedRAMP, or similar frameworks. Required Qualifications 12+ years of IT experience with at least 7+ years in Application Security. Strong hands-on experience with security testing tools such as SAST, DAST, IAST, SCA (examples: Veracode, Checkmarx, Fortify, Burp Suite, OWASP ZAP Deep knowledge of OWASP Top 10, secure SDLC, threat modeling, and secure architecture principles. Experience with Cloud environments such as AWS, Azure, or GCP security controls. Strong background in DevSecOps, CI/CD pipelines, and automation. Proficiency with programming languages such as Java, .NET, Python, JavaScript, or similar for code review. Experience with API and microservices security. Familiarity with regulatory standards and compliance frameworks. Excellent communication and stakeholder management skills. Preferred certifications: CISSP, CSSLP, CEH, OSCP, or GWAPT.

Job Title: Application Security Lead Specialist Location: Huntsville, Alabama Experience: 12+ Years Employment Type: Contract Interview Type: In-Person or Webcam Job Description We are seeking an experienced Application Security Lead Specialist with strong expertise in security architecture, secure software development, vulnerability management, and risk mitigation for enterprise applications. The ideal candidate will lead application security practices, collaborate with engineering teams, and implement best-in-class security controls across the SDLC. Key Responsibilities Lead the application security program and define security standards, policies, and best practices. Perform security architecture assessments, threat modeling, and design reviews for new and existing applications. Conduct secure code reviews, penetration testing, vulnerability scanning, and analysis of security findings. Collaborate closely with development, DevOps, QA, and product teams to integrate security into the SDLC. Manage and prioritize remediation of vulnerabilities and guide engineering teams on mitigation strategies. Drive implementation of security automation and tooling across CI/CD pipelines. Evaluate and integrate third-party security technologies and frameworks. Prepare security documentation, risk assessments, and executive-level reporting. Train internal teams on secure coding practices and application security awareness. Ensure compliance with security and regulatory requirements such as NIST, ISO, FedRAMP, or similar frameworks. Required Qualifications 12+ years of IT experience with at least 7+ years in Application Security. Strong hands-on experience with security testing tools such as SAST, DAST, IAST, SCA (examples: Veracode, Checkmarx, Fortify, Burp Suite, OWASP ZAP Deep knowledge of OWASP Top 10, secure SDLC, threat modeling, and secure architecture principles. Experience with Cloud environments such as AWS, Azure, or GCP security controls. Strong background in DevSecOps, CI/CD pipelines, and automation. Proficiency with programming languages such as Java, .NET, Python, JavaScript, or similar for code review. Experience with API and microservices security. Familiarity with regulatory standards and compliance frameworks. Excellent communication and stakeholder management skills. Preferred certifications: CISSP, CSSLP, CEH, OSCP, or GWAPT.

• Government Careers

Show more