ActiveSoft, Inc · 23 hours ago
Lead Application Security Engineer (Cloud & DevSecOps) - Atlanta, GA 30326 - Fulltime/Permanent Position
Atlanta, GA
Full-time
Hybrid
Senior Level, Lead/Staff
4+ years expActiveSoft, Inc is seeking a Lead Application Security Engineer to drive secure SDLC practices across cloud-native environments. This role involves partnering with Security Architecture and Engineering teams to embed security into software delivery and operate AppSec/CloudSec tooling.
Human ResourcesRecruitingStaffing AgencyTechnical Support
Hiring Manager
Devender Gandham
Responsibilities
Lead secure code reviews and pre-release security validation (SAST, DAST, SCA, API, IaC, container scans)
Operate and optimize AppSec/CloudSec tooling including WAF, CSPM, and CNAPP
Triage and manage vulnerabilities, false positives, and Responsible Disclosure submissions
Partner with Cloud teams to harden AWS/Azure/GCP (containers, serverless, Kubernetes, secrets)
Automate security workflows using Python, PowerShell, Bash, Terraform, and CI/CD pipelines
Support secure pipeline design and DevSecOps integration
Mentor engineers and promote secure coding and AI-augmented development best practices
Qualification
Required
4+ years in Application/Product Security or secure software engineering
Strong DevSecOps experience in cloud-native environments (microservices, APIs, containers/K8s, serverless, IaC)
Hands-on with SAST, DAST, SCA, API security testing, container/IaC scanning, and CNAPP/CSPM
Knowledge of OWASP Top 10, ASVS, SAMM, NIST SSDF, OAuth2/OIDC/JWT, and common web/API vulnerabilities
Experience with vulnerability triage, bug bounty, or responsible disclosure workflows
Strong cloud architecture understanding
Preferred
WAF engineering and tuning experience
Software supply chain security (SBOMs, signing, dependency risk)
Security certifications (CISSP, CSSLP, GWAPT, cloud security certs)
Company
ActiveSoft, Inc
Since 2007, Active Soft, Inc.
201-500 employees
Funding
Current Stage
Growth StageCompany data provided by crunchbase