Senior Applications Security Engineer

Risepoint assists primarily regional universities in increasing their access and impact by making their academic programs available to students online. Founded in 2007, Risepoint's mission is to expand access to high-quality, affordable, and workforce-relevant education, especially for working and adult students. Risepoint brings single-minded dedication to student success, an integrated set of services, and data-driven performance to our collaboration with university partners.

We are seeking an Application Security Engineer to join our engineering team. In this role, you will be responsible for ensuring the security of solutions by integrating security practices throughout the product and software development lifecycle. This role involves vulnerability analysis, threat modeling, and collaborating with cross-functional teams to maintain a robust application security posture. Working closely with the Security, Development, and Operations teams, you will ensure our software products and infrastructure maintain high security, reliability, and compliance standards.

If you’re excited about enabling development teams to deliver secure, high-quality software and want to significantly reduce security risks, this may be your perfect role. 

Essential Functions and Responsibilities:

• Collaborate with Product and Development teams to embed security into the software development lifecycle, from design to maintenance. 

• Guide secure architecture, coding practices, and integration into CI/CD pipelines. 

• Implement and maintain automated application vulnerability scanning tools, including static (SAST) and dynamic (DAST) security testing solutions. 

• Coordinate manual application penetration testing assessments through third-party engagements and validate results. 

• Respond to application security incidents using industry-standard practices to identify, contain, and remediate vulnerabilities. 

• Monitor and optimize reporting and alerting systems to effectively identify, prioritize, and address application security risks. 

• Maintain comprehensive records of vulnerability detections and security posture across all systems, ensuring consistent improvement. 

• Support risk management, compliance, and audit activities by collecting evidence and producing reports to demonstrate security program effectiveness. 

• Serve as a first point of contact for reported vulnerabilities, triaging issues from internal sources, clients, and external researchers. 

• Conduct architectural and design reviews to identify vulnerabilities and recommend improvements to the application security posture. 

Technical Qualifications:

• 3+ years of experience in application security, software security engineering, or related roles. 

• Hands-on experience with vulnerability management tools (e.g., Nessus, Qualys, SonarQube, GitHub scanning). 

• Proficiency in integrating security into CI/CD pipelines (e.g., Jenkins, GitLab CI, Azure DevOps). 

• Demonstrated experience in identifying and technically qualifying application security vulnerabilities in a full-time capacity for large-scale web, financial services, or mobile applications. 

• Familiarity with authentication and authorization frameworks (e.g., SAML, OIDC, OAuth 2.0) and applied cryptography concepts. 

• Ability to read and comprehend application source code (e.g., TypeScript, JavaScript, C#, Java, Swift) and identify vulnerabilities such as command injection and inappropriate cryptographic usage. 

• Effective written and verbal communication skills, with the ability to raise awareness and coordinate remediation activities. 

• Excellent communication skills, able to translate complex security concepts for various audiences. 

• Strong stakeholder management skills to coordinate with teams such as DevOps, QA, Product, and core Security. 

• Proven ability to lead cross-functional initiatives and drive results in a matrixed environment. 

Preferred Skills (Nice-to-Have): 

• Relevant certifications (e.g., CISSP, CISM, OSCP). 

• Experience with scripting languages (e.g., Python, Bash) for automation. 

• Exposure to compliance frameworks (e.g., SOC2, PCI-DSS, HIPAA). 

• Familiarity with common security frameworks (e.g., OWASP Top Ten, CWE, ISO 27001, NIST). 

• Strong analytical skills to validate and reproduce reported vulnerabilities through manual testing or scripting. 

Education: 

Bachelor’s degree (or related experience) in Computer Science, Management Information Systems, Cybersecurity, or a related field.  

Risepoint is an equal opportunity employer and supports a diverse and inclusive workforce.