Application Security Engineer

Here at Priority Dispatch, we know that protecting lives starts with the right protocols, training, and ensuring systems are safe and reliable. We're looking to hire a full time Application Security Engineer to use their expertise to build and defend secure systems that support our mission of delivering life saving dispatch systems! This is your chance to join an award winning company while having your work contribute and make a direct impact for good in communities around the world.

We offer benefits that include medical, dental, vision, legal, and pet insurance, 401K and company contributions, PTO, short and long term disability and life insurance, and more while having meaningful work at a company that's been voted as a top place to work in Utah for the past 5 years running! Come see why our teams love to work here!

Job Summary
We are seeking an experienced Application Security Engineer to secure our web and desktop applications by implementing and managing SAST, DAST, and SCA processes. This role partners with developers, QA, and DevOps to embed security into CI/CD pipelines, conduct code reviews, and promote secure coding practices. The ideal candidate has deep expertise in OWASP Top Ten risks, API security, and threat modeling, with experience addressing unique challenges in desktop applications where automation is limited. Familiarity with cloud-native and AI-driven systems is essential, along with knowledge of compliance frameworks such as ISO 27001, NIST, CMMC, and Cyber Essentials. This position reports to the Executive Director of Enterprise Solutions and Technology and plays a critical role in strengthening the organization’s overall security posture. This is a hybrid role based in Salt Lake City, Utah.

Major Responsibilities

• Ensure all application code is thoroughly tested and scanned for risks, vulnerabilities, and third-party dependencies using SAST, DAST, and SCA tools.
• Provide additional attention to desktop applications where automated security tooling may be limited, developing custom solutions as needed.
• Conduct penetration testing on core products, as well as other web applications and public-facing websites.
• Design and implement security controls for APIs, including secure authentication, authorization, and protection against common threats such as cross-site request forgery (CSRF).
• Collaborate with development teams to integrate Identity and Access Management (IAM) solutions aligned with least privilege and zero trust principles.
• Serve as a key contributor to the security architecture and design of software systems, working closely with engineering teams to embed security into technical decisions.
• Participate in the internal Security Council, contributing to strategic decisions and security governance.
• Lead training initiatives for developers, QA, and DevOps teams to promote secure design principles and a security-first mindset.
• Collaborate with engineering teams to integrate security into the software development lifecycle (SDLC).
• Perform threat modeling and risk assessments to identify and mitigate potential vulnerabilities early in the development process.
• Stay current with evolving security regulations, compliance standards, and emerging threats, ensuring organizational alignment and readiness.

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 3–5 years of experience in application security, software development, or related technical roles.
• Strong understanding of secure coding practices, OWASP Top Ten, and software security testing methodologies.
• Hands-on experience with SAST, DAST, and SCA tools (CodeQL, Aikido, Tenable, DerScanner) and techniques.
• Ability to develop custom scripts and automation to support security scanning, especially for desktop applications where tooling may be limited.
• Familiarity with penetration testing, threat modeling, and secure architecture design.
• Knowledge of API security, IAM, authentication and authorization protocols, and common web vulnerabilities such as CSRF and XSS.
• Experience working with cloud-native applications and modern development environments.
• Familiarity with security regulations and compliance frameworks such as ISO 27001, SOC 2, and GDPR.
• CISSP or other relevant security certifications (e.g., OSCP, CSSLP) preferred.
• Excellent communication skills and ability to collaborate across engineering, QA, and DevOps teams.

Physical Requirements/Essential Job Functions

• Design and implement security controls to ensure all application code is tested and up to security standards
• Conducting testing on core products, web applications, and other public facing websites to identify and reduce security threats
• Collaborate closely with development teams to provide security guidance into technical decisions
• Ability to multi-task technical problems efficiently 
• Ability to communicate technical concepts to both users and programmers effectively. 
• Problem-solving 
• Frequent computer and telephone use 
• Sitting for long periods of time 
• Concentrating for long periods of time. 
• Occasional travel of less than 10% may be required. 

Our Company: Priority Dispatch Corp. is an Equal Opportunity Employer. We are a small, fast-growing provider of consulting, training, and software products for the public safety market. Priority Dispatch is based in the U.S. in downtown Salt Lake City, Utah. We offer a comprehensive benefits package including medical, dental, and matching 401(k) programs, etc. Priority Dispatch Corp. (PDC) provides comprehensive, integrated solutions for Police, Fire, and Medical emergency dispatching. We incorporate the Priority Dispatch System® approved by the International Academies of Emergency Dispatch in all our products. PDC offers multi-agency emergency dispatching ProQA® software, as well as a card-set version, AQUA® quality improvement software, training, consulting, and Academy accreditation support. www.prioritydispatch.net