Job Summary:
The Application Security Developer IV serves as a senior-level security developer responsible for driving application security initiatives across the organization. They lead the design, implementation, and enhancement of application security detection and prevention mechanisms across enterprise applications and play a pivotal role in ensuring robust security is embedded into all development efforts while collaborating as a key partner in fostering a security-first culture within development and engineering teams.
Essential Functions:
- Lead and drive application security initiatives and programs across the organization, ensuring alignment with business objectives and regulatory compliance.
- Spearhead the design and implementation of security controls, detection mechanisms, and prevention strategies for web, mobile, and cloud-based applications.
- Conduct advanced application security testing including DAST, SAST, IAST, and manual penetration testing using tools such as Burp Suite, OWASP ZAP, and others.
- Analyze, triage, and prioritize security findings, providing actionable remediation guidance and proof-of-concept exploits.
- Mentor and guide junior developers and security engineers in secure coding practices and application security principles.
- Collaborate with development, DevOps, and infrastructure teams to integrate security into CI/CD pipelines and automated testing frameworks.
- Participate in solution architecture reviews and provide security design guidance to ensure risk mitigation at the architectural level.
- Maintain and enhance security tooling, automation, and processes, including DAST/SAST platforms, vulnerability management systems, and security orchestration tools.
- Lead source code reviews with a focus on identifying and mitigating common vulnerabilities such as OWASP Top 10, SQL Injection, XSS, CSRF, RCE, XXE, SSRF, etc.
- Develop custom tools, scripts, and integrations to support security automation, reporting, and remediation workflows.
- Represent the security team in cross-functional teams and contribute to incident response and forensic analysis.
- Provide strategic direction and thought leadership on application security topics, including threat modeling, secure coding standards, and emerging threats.
- Contribute to security training, documentation, and awareness initiatives for development teams.
- Perform any other job-related duties as requested.
Education and Experience:
- Bachelor's in computer science, software engineering, or a related field required
- Equivalent years of relevant work experience may be accepted in lieu of required education
- Seven (7) years of software development experience required
- Five (5) years of experience performing application security testing required
Competencies, Knowledge and Skills:
- Deep technical understanding of software development and security, with proficiency in languages such as JavaScript, Python, Golang, C#, PHP, Ruby, Java, PowerShell, and T-SQL
- In-depth understanding of HTTP protocols, web hosting platforms, and network security
- Strong knowledge of security testing tools including Burp Suite, OWASP ZAP, SAST/DAST tools (e.g., Veracode, GitHub Advanced Security, Checkmarx), and security orchestration platforms
- Proficient in threat modeling, vulnerability assessment, and secure code review practices
- Skilled in designing and implementing security controls within cloud-native environments (AWS, Azure, GCP)
- Familiarity with OAuth/OIDC, API security, and identity and access management (IAM)
- Strong understanding of multi-platform operating systems including Windows, macOS, Linux, iOS, and Android
- Knowledgeable of configuration management tools, scripting, automation, and CI/CD pipelines
- Excellent communication, documentation, and presentation skills, with the ability to influence and collaborate across diverse technical and business teams
- Proven ability to lead projects, mentor junior staff, and influence technical strategy
- Self-motivated, analytical, and highly detail-oriented
- Innovation-driven with a strong sense of ownership and accountability
- Ability to work effectively in a distributed, global environment, including virtual collaboration
Licensure and Certification:
- Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), Offensive Security Experienced Penetration Tester (OSEP), GIAC Certified Web Application Defender (GWEB) preferred
Working Conditions:
- General office environment; may be required to sit or stand for extended periods of time
- Travel is not typically required
Compensation Range: $113,000.00 - $197,700.00
CareSource takes into consideration a combination of a candidate's education, training, and experience as well as the position's scope and complexity, the discretion and latitude required for the role, and other external and internal data when establishing a salary level. In addition to base compensation, you may qualify for a bonus tied to company and individual performance. We are highly invested in every employee's total well-being and offer a substantial and comprehensive total rewards package.
Compensation Type: Salary
Competencies:
- Fostering a Collaborative Workplace Culture
- Cultivate Partnerships
- Develop Self and Others
- Drive Execution
- Influence Others
- Pursue Personal Excellence
- Understand the Business
This job description is not all inclusive. CareSource reserves the right to amend this job description at any time. CareSource is an Equal Opportunity Employer. We are dedicated to fostering an environment of belonging that welcomes and supports individuals of all backgrounds. #LI-GB1