Application Security Engineer 4

The Application Security Engineer 4 is a senior technical contributor responsible for building, implementing, and scaling secure-by-default practices across our software development lifecycle. This role blends deep software-engineering experience with advanced AppSec expertise. You'll design, build, and automate security capabilities directly in developer workflows - ensuring our products remain resilient from code to cloud. You'll act as both a hands-on engineer and a technical mentor: writing secure code, creating automation pipelines, conducting design and code reviews, and helping development teams ship secure, high-quality software at scale.

Secure SDLC Integration and Automation

Build and maintain security automation within CI/CD platforms (GitHub Actions, GitLab CI, Jenkins, Azure DevOps) - integrating SAST, DAST, SCA, IaC, and secret-scanning tools. * Develop custom security utilities, libraries, and APIs to automate detection and remediation of vulnerabilities. * Partner with development teams to embed security controls into the design and build phases of the SDLC. * Define and measure secure-development maturity using NIST SSDF, OWASP SAMM, and internal engineering metrics.

Secure Design and Threat Modeling

• Lead design reviews and threat modeling sessions for complex or distributed applications. * Translate potential threats into secure design requirements and reusable code patterns. * Collaborate with product and engineering teams to ensure secure design decisions are implemented correctly during development.

Code Review and Vulnerability Analysis

• Perform secure code reviews across multiple languages (C#, Java, Python, Go, JavaScript/TypeScript). * Develop automated processes and tooling to prioritize and track remediation of critical issues. * Reproduce and validate vulnerabilities, and contribute secure code fixes or proof-of-concept patches when necessary.

DevSecOps and Cloud Security Engineering

• Engineer AppSec integrations for containerized and cloud-native workloads (AWS, Azure, GCP). * Automate infrastructure-as-code validation and container image scanning (Terraform, CloudFormation, Kubernetes). * Create developer self-service tooling for security validation and vulnerability triage.

Mentorship and Technical Enablement

• Mentor developers and other security engineers on secure coding, automation, and threat analysis. * Deliver internal training sessions and demos on advanced security engineering practices. * Drive adoption of secure development frameworks and patterns across engineering teams.

* Bachelor's degree or equivalent experience. * 10+ years combined experience in software development and application security, with at least 3 years in a senior or lead engineering capacity. * Strong proficiency in two or more programming languages (C#, Java, Python, Go, JavaScript/TypeScript). * Demonstrated ability to design and build automation for application-security testing and secure SDLC. * Deep understanding of secure coding principles, vulnerability classes, and modern development practices. * Experience implementing security programs aligned with NIST SSDF, OWASP ASVS, and SLSA. * Hands-on familiarity with AppSec tools such as CodeQL, Snyk, Burp Suite, Trivy, Checkov, or similar. * Proven success leading threat modeling, secure design validation, and remediation efforts across multiple teams. * Excellent communication skills - able to translate complex technical issues into actionable developer guidance. * Relevant certifications (CSSLP, OSWE, CISSP) are beneficial but secondary to demonstrated engineering ability.

Why You'll Love This Role

• You'll write code and build tools, not just review them. * You'll automate security into developer workflows so teams can deliver safely and faster. * You'll have freedom to innovate and implement security solutions that scale. * You'll collaborate with world-class developers who value security as a fundamental part of product quality.

Based on individual states' employment laws, the following details are to comply with the relevant salary posting requirements: base salary range of $132,000-165,000 and eligible for benefits

What you can expect next

• Hyland Recruiters thoroughly review every application and will contact you within 1 to 2 weeks regarding next steps. Be sure to add Hyland to your contacts list and check your spam folder so you never miss a message from us!
• Any follow up questions? Email your Recruiter directly at Careers@Hyland.com.

Benefits

401(k) Retirement Savings. Flexible Schedule. Paid Time Off. Medical, Dental, Vision. Volunteer Paid Time Off. Wellness Reimbursement. Paid Parental Leave. Sabbatical Program.

Find out more by going to https://www.hyland.com/en/resources/articles/why-work-at-hyland .

Welcome to #HylandLife

Since 1991, it has been Hyland's mission to help our employees, customers and partners exceed their potential with our industry-leading content services platform. Our employees exude a contagious energy and are passionate about what they do - whether it's helping customers succeed, raising up their fellow Hylanders, or engaging in the communities where they live and work.

The #HylandLife hashtag encompasses our employee-centric culture. Our employees live our culture day in and day out by bringing their best self to work. Hyland supports them to do just that through career development resources, wellbeing programs and innovation practices. We thrive on diverse viewpoints and new ideas and believe that a positive, inclusive workplace is imperative to sustainable success.

As we've grown to a company of nearly 4,000 strong, we have the opportunity to make a significant impact on our communities. We strongly support employee initiatives and align our giving campaigns and programs to organizations that are important to them.

We are committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee on the basis of race, color, religion, creed, national origin or ancestry, sex, age, physical or mental disability, veteran or military status, genetic information, sexual orientation, marital status, gender identity, or any other legally recognized protected basis under federal, state or local laws, regulations or ordinances. The information collected by this application is solely to determine suitability for employment, verify identity and maintain employment statistics on applicants.