XceedSearch.com

Insurance

Application Security Engineer

Scottsdale, Arizona, United States (Full Time)

The Brief

“Application Security Engineer at XceedSearch.com. Skills: Application Security Engineering, Software Development Leadership, Java, Angular, Spring Boot, REST API Security, Vulnerability Assessment and Remediation. Conduct application security assessments and vulnerability scans. Analyze, prioritize, and track security findings”

What You'll Achieve.

Ensuring applications are secure by design; Identifying vulnerabilities; Guiding remediation efforts; Providing meaningful security metrics and reporting; Ensuring quality, stability, and resilience of applications; Delivering high-quality, secure software

Industry & Context.

Insurance

Problems you'll solve

Analytical skills; Problem-solving abilities; Attention to detail

What They're Looking For.

Must Have

  • 5+ years of hands-on application security engineering experience, including vulnerability assessment and remediation
  • 7+ years of software development experience with Java and Angular/AngularJS
  • 3+ years of experience in a technical leadership or lead engineering capacity
  • Proficient in: Java, Spring Boot, Spring Security, REST Web Services, Microservices, JavaScript, TypeScript, AngularJS, Angular, HTML, CSS, JUnit, Mockito, Git, Maven, and SQL
  • Hands-on experience with enterprise application security scanning platforms such as Veracode, Checkmarx, Fortify, or similar tools, including SAST, DAST, and SCA scan configuration, results interpretation, and developer-facing remediation guidance
  • Understanding of the OWASP Top 10 and how vulnerabilities manifest in enterprise Java and JavaScript applications
  • Experience securing REST APIs, including OAuth2, JWT, and Spring Security implementations
  • Demonstrated ability to produce clear vulnerability reports with severity ratings, impact assessments, and recommended mitigations for both technical and non-technical audiences
  • Experience in project estimation, requirements gathering, system design, agile story creation, release support, and agile methodologies
  • Written and verbal communication skills with the ability to engage both development teams and IT leadership effectively
  • Excellent analytical and problem-solving abilities with attention to detail
  • Team-oriented, adaptable, and motivated to support both engineering excellence and organizational security goals

Nice to Have

GitHub Copilot, AI-assisted security tooling, AWS, GCP, Drupal, Jasmine, Karma, IntelliJ, Eclipse, STS, WebStorm, Rancher, Jira, PL/SQL, Checkmarx, Fortify, Burp Suite, Security certifications such as CSSLP, CEH, GWAPT, or equivalent application security credentials are a plus

What You'll Do.

Conduct application security assessments and vulnerability scans

Analyze, prioritize, and track security findings

Remediate security vulnerabilities

Guide developers on secure coding practices

Review, assess, and implement REST API security controls

Produce vulnerability reports and executive summaries

Establish and maintain application security policies

Participate in Architecture Review Board discussions

Evaluate AI-generated code for security risks

Leverage AI-assisted security tooling

Support compliance and audit activities

Take full ownership of team deliverables

Establish and enforce coding standards and development practices

Serve as technical lead for major system components

and maintain code for scalable user interfaces and services

Understand data flows and system integrations

Identify and resolve performance issues and system inefficiencies

Act as the primary technical liaison with stakeholders

How You'll Work.

Team & Collaboration

Embed application security expertise directly into the engineering organization; Influence architecture decisions; Mentor development teams; Collaborate with development teams on secure coding practices; Engage with IT leadership; Translate requirements into scalable solutions; Manage stakeholder expectations; Foster a culture of accountability, security awareness, and continuous improvement

Communication Scope

Written communication skills; Verbal communication skills; Ability to engage both development teams and IT leadership effectively; Produce clear, well-structured vulnerability reports and executive summaries for both technical teams and leadership

Process & Methodology

Project estimation, Requirements gathering, System design, Agile story creation, Release support, Agile methodologies

Full Job Description

Insurance Company is seeking a Lead Application Security Engineer to play a critical dual role at the intersection of secure software development and hands-on engineering leadership. This position is ideal for a technologist who is passionate about building modern applications and ensuring they are secure by design.

In this role, you will embed application security expertise directly into the engineering organization. Approximately half of your focus will be on application security: identifying vulnerabilities, guiding remediation efforts, and providing meaningful security metrics and reporting. The other half will be spent leading and contributing to the design, development, and delivery of applications built with Java and Angular. The ideal candidate naturally bridges security and engineering, influencing architecture decisions, mentoring development teams, and championing best practices that balance strong security with scalability, performance, and delivery speed.

This position is based in our Scottsdale, AZ office. After completing an initial training period, the role offers a hybrid schedule with four days in the office and one remote day per week.

Responsibilities

Application Security

  • Conduct application security assessments and vulnerability scans using Veracode (SAST, DAST, and SCA) across Java, Spring Boot REST services, AngularJS, and Angular applications.
  • Analyze, prioritize, and track security findings through their full remediation lifecycle, ensuring timely resolution and appropriate escalation.
  • Remediate security vulnerabilities hands-on, directly in Java, Spring Boot, AngularJS, and Angular codebases, while also guiding developers on secure coding practices and mitigation techniques specific to the Java and JavaScript ecosystem.
  • Review, assess, and implement REST API security controls hands-on, including coding authentication, authorization, input validation, and data protection solutions directly within Spring Boot services.
  • Produc


How to Apply on SmartRecruiters

  • SmartRecruiters often includes a video screening step — check camera and mic permissions.
  • Link your GitHub or portfolio directly in the profile section for technical roles.
  • Applications may be reviewed by AI scoring before reaching a recruiter — use keywords from the job description.
