Application Security Engineer
Overview
Glocomms is partnered with a leading financial services firm to identify an accomplished Application Security professional to help drive secure software delivery at scale within a modern, cloud-first environment operating under a hybrid work model. The successful candidate will be responsible for defining and executing the application security strategy across the organization's software development life cycle. This individual will work closely with engineering, platform, and cloud teams to embed security controls, tooling, and guardrails into CI/CD pipelines, enabling secure and scalable application delivery without compromising developer experience or delivery velocity. This is a hybrid opportunity based in Pennsylvania, Dallas, or Charlotte.
Key Responsibilities
- Define and drive the application security strategy and roadmap aligned with enterprise security and governance objectives
- Embed security across the Secure SDLC, CI/CD pipelines, and cloud-native delivery processes
- Integrate, automate, and operate application security tooling (SAST, SCA, IAST, RASP) at scale
- Establish security guardrails, controls, and scan coverage across repositories, pipelines, and environments
- Partner closely with developers through code reviews, agile ceremonies, and feedback loops to enable secure-by-design delivery
- Lead vulnerability assessment, risk prioritization, and remediation guidance
- Measure and report on application security maturity, metrics, and coverage
- Ensure security best practices and standards adherence across cloud, container, serverless, mobile, and emerging technologies
- Provide hands-on technical leadership while optimizing developer experience and usability
Required Experience & Skills
- Undergraduate degree in a related field or equivalent combination of training and experience
- Strong background in Application Security, DevSecOps, or Secure Software Engineering
- Experience securing modern application environments, including cloud, containers, and serverless architectures
- Proven expertise integrating security into CI/CD pipelines, source code repositories, and IDEs
- Hands-on knowledge of application security testing tools and vulnerability management workflows
- Solid understanding of secure coding practices, modern programming languages, and SDLC processes
- Familiarity with OWASP Top 10, NIST, MITRE, and industry security standards
- Ability to collaborate effectively with engineers, platform teams, and security leadership
- Experience using metrics and risk-informed decision making to guide security priorities
