Application Security Engineer
Job Description
EnerSys is seeking an Application Security Engineer to strengthen our application security efforts. As a key liaison between Cybersecurity and development teams, you will integrate security into design, development, deployment, and operations. Your responsibilities include:
- Conducting application security assessments, code reviews, API testing, threat modeling, and penetration testing to identify vulnerabilities.
- Defining, maintaining, and enforcing secure coding standards, patterns, and best practices.
- Integrating and managing security tooling within CI/CD pipelines, including SAST, DAST, SCA, IaC scanning, and container security solutions.
- Supporting secure architecture reviews for cloud-native applications, microservices, and containerized workloads.
- Supporting threat modeling, risk assessments, and security architecture reviews for applications.
- Ensuring all security practices meet regulatory and compliance requirements.
- Developing and delivering cybersecurity training programs for development teams.
- Aligning application security practices with frameworks like NIST CSF, ISO 27001, and IEC 62443.
- Keeping up to date on emerging threats and providing proactive defenses.
- Monitoring and responding to application security threats, incidents, and vulnerabilities.
- Staying up to date on regulatory developments and industry trends.
- Managing third-party vendor and consultant relationships.
- Performing other duties as assigned.
Qualifications
To succeed in this role, you should have:
1. A Bachelor’s degree in a technical field (e.g., Computer Science, Information Systems, Cybersecurity).
2. 5+ years of experience in Information Security, with at least 3 years focused on application security, secure development, or DevSecOps.
3. Demonstrated experience building and scaling an application security program.
4. Strong knowledge of OWASP Top 10, OWASP ASVS, SANS Top 25, and secure SDLC methodologies.
5. Hands-on experience with application security testing tools such as Burp Suite, Fortify, Checkmarx, Veracode, and ZAP.
6. Experience conducting threat modeling, penetration testing, secure software development, and secure architecture reviews.
7. Practical experience securing cloud environments (AWS or Azure) and implementing cloud-native security controls.
8. Familiarity with Kubernetes security, container hardening, and runtime protection.
9. Strong communication skills with the ability to collaborate and influence across technical and non-technical teams.
Benefits
- Paid time off plus paid holidays
- Comprehensive medical/dental/vision insurance
- Life insurance, short/long term disability coverage, tuition reimbursement, flex spending accounts, and employee stock purchase plan
- 401K retirement plan
