Applications Security Engineer III (Cybersecurity)

TL;DR

Applications Security Engineer III (Cybersecurity): Driving the strategy, implementation, and maturity of the application security program with an accent on integrating security tooling into CI/CD pipelines and fostering a security-first development culture. Focus on architectural guidance, vulnerability management, and ensuring compliance with industry standards like OWASP and FedRAMP.

Company

hirify.global is a global leader in lottery technology, providing secure, reliable, and comprehensive digital and retail solutions to customers worldwide.

What you will do

• Lead the application security program, including tool selection, policy enforcement, and risk reporting.
• Integrate AppSec tooling into CI/CD pipelines to enable scalable, developer-friendly security controls.
• Provide architectural guidance and secure design recommendations during development planning.
• Oversee the deployment and tuning of SAST, SCA, secrets management, and DAST tools.
• Partner with product teams to embed secure coding practices, review threat models, and triage vulnerabilities.
• Mentor other AppSec engineers and champion a security-first development culture.

Requirements

• 5–10 years of experience in Application Security or Secure Software Development.
• Proven experience leading application security programs in CI/CD-heavy environments.
• Deep expertise in securing cloud-native applications and integrating AppSec tools like Semgrep, Mend, or GitHub Advanced Security.
• Hands-on experience with CI/CD integrations using GitHub Actions, GitLab CI, or Jenkins.
• Strong communication and influencing skills to drive security adoption across diverse teams.
• Knowledge of DAST tools and Pentest methodologies.

Culture & Benefits

• Commitment to a diverse, fair, and inclusive global workplace.
• Opportunity to work for a trusted partner to governments and regulators worldwide.
• Focus on professional growth and mentoring within a large-scale engineering organization.
• Emphasis on information security training and continuous improvement.