What are the responsibilities and job description for the Application Cybersecurity Solutions Engineer position at Liberty Mutual Insurance Group?
Provide technical consultation across a wide variety of technical cybersecurity domains such as Secure DevOps, Identity & Access Management, Threat & Vulnerability Management, Data Protection, Cloud Security, Network and Cloud environments. Perform threat modeling, security design reviews, and technical remediation guidance for new and existing systems, interfacing with engineers, architects, product owners or leaders. Drive proactive identification of threats and vulnerabilities and coordinate remediation prioritization and implementation across stakeholders. Review source code and advise on vulnerabilities and validate risk ratings. Drive secure-by-design patterns across services and APIs, including secure protocol and API design, cryptography guidance, and key/certificate management best practices. Build, measure and report AppSec program maturity and effectiveness using KPIs/KRIs; maintain application security issue register and provide visibility on progress to senior leadership. Lead developer outreach within GDS by partnering with BISO peers to create practical guidance, training, and a security champions program to raise security awareness and adoption. Mentor engineering teams on secure development practices and act as an escalation point for complex application security issues. Support and coordinate between threat intelligence, cyber defense and offensive security teams for GDS applications and services. Stay current on evolving threats, regulatory requirements, and industry best practices, and incorporate them into application security program improvements.

Bachelor's or Master's degree in technical discipline or equivalent experience; technical Master's degree preferred. 10 years of experience in cybersecurity, including a minimum of 3 years in an application security role. 5 years designing and developing software (demonstrated ability to read, understand, and review source code). Proven experience building and scaling application security programs in enterprise environments and influencing outcomes across large, matrixed organizations. Strong understanding of threat modeling, vulnerability management, OWASP Top 10, and modern application security risks. Deep practical knowledge of secure software development practices, DevSecOps principles, and CI/CD tooling and infrastructure-as-code automation, with familiarity with platforms such as GitHub Actions, Confluence, JIRA. Hands-on experience with static code analysis (SAST), dynamic application scanning (DAST), dependency/SCA tools, and managing false positives. Experience securing cloud-based platforms and applications; multi-cloud experience desired, AWS experience preferred. Experience securing containerized/Kubernetes deployments and modern microservices architectures. Familiarity with penetration testing or ethical hacking techniques. Prior experience developing, maintaining and reporting for application security KPIs/KRIs. Strong stakeholder management, communication, and leadership skills -- able to translate technical risk into business impact and influence senior leaders. Industry cybersecurity and/or technology certifications are an expectation. Negotiation skills; oral and written communication skills. Ability to work CT or EST is required.