Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security

$141.3k - $237.4k

AT&T

This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered. Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability, and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk‑taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future—you’ll create it. We are seeking an Application Security Engineer to strengthen the security of our applications and APIs through dynamic application security testing (DAST), runtime application self‑protection (RASP), and API security engineering. This is an application security engineering role, not a traditional security operations position. The ideal candidate is a security‑minded engineer with strong hands‑on experience in web application and API security, who understands modern application attacks and can translate that understanding into practical testing, protection, and remediation strategies. This role sits at the intersection of AppSec engineering and production defense, with responsibility for identifying exploitable vulnerabilities both before deployment and while applications are running in production, reducing risk from active attacks, misuse, and exposed application behavior. This candidate will also evaluate and implement AI‑assisted security capabilities to improve coverage, prioritization, and speed—such as intelligent scan orchestration, alert triage, anomaly detection for API abuse, and developer‑facing remediation guidance—while ensuring results are valid, measurable, explainable, and safe for production use. Job Summary You will own and scale dynamic security capabilities across the Software Delivery Lifecycle (SDLC) and production, with a strong emphasis on: DAST automation and integration into CI/CD pipelines RASP and in‑process runtime protection (e.g., JVM/.NET CLR instrumentation) API Security engineering for internal and external/internet‑facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a candidate with an application security mindset first: someone who can assess real‑world exploitability, validate findings, work directly with developers on durable remediation, and build or extend automation in code when existing tooling does not fully solve the problem. You’ll partner closely with security teams, platform teams, and developers to define policy, deploy controls safely, tune security tool detections, reduce false positives, and measurably improve security outcomes. Detailed Job Description This role focuses on active defense for web applications and APIs through a combination of security testing, runtime instrumentation, and API protection. The candidate will help design and mature security programs that combine: Dynamic application and API testing to identify exploitable vulnerabilities, logic weaknesses, and misconfigurations as early as possible Runtime protection and instrumentation via runtime security principals and tools such as RASP to detect and, where appropriate, block exploit attempts in production, with an emphasis on protecting API traffic, application workflows, and business logic API security capabilities such as API gateway onboarding and policy enforcement, abuse prevention (e.g., scraping/bots), technical reviews and deep dives, and continuous discovery of undocumented, unmanaged, or exposed APIs Success in this role requires deep application security knowledge—including web and API attack patterns, authentication and authorization weaknesses, exploitability analysis, and vulnerability remediation—as well as ability to script, automate, integrate, and build lightweight solutions when commercial tooling is insufficient. The right candidate will be comfortable moving between hands‑on security testing, technical analysis, developer partnership, and security engineering automation, with a focus on reducing meaningful application risk. Key Responsibilities AI‑Assisted Security Engineering Identify practical opportunities to apply AI‑assisted approaches across DAST, API testing, runtime telemetry, and security workflows (e.g., prioritization, correlation, anomaly detection, automated enrichment, and remediation support). Implement AI‑enabled workflows to reduce false positives, improve triage efficiency, and accelerate remediation (e.g., intelligent deduplication, exploitability scoring, and auto‑generated developer guidance with human review). Partner with platform and engineering teams to integrate AI‑assisted and automated security capabilities into pipelines and operational processes in a measurable, repeatable, and secure way. DAST & Dynamic Testing (Scale and Automation) Own the DAST lifecycle, including onboarding, authenticated scanning, scan orchestration, environment readiness, tuning, and false‑positive reduction. Integrate DAST and automated API testing into CI/CD pipelines using repeatable, maintainable security‑as‑code patterns. Create standards and runbooks for scan profiles, test data, authentication/session handling, and release readiness criteria. Perform triage and validate exploitability of findings, distinguishing between theoretical issues and meaningful application risk. Translate findings into clear, actionable developer remediation guidance, and partner with teams to verify effective fixes. API Security Engineering (Internet‑Facing, Gateway, Discovery) Partner with API gateway and edge teams to implement and tune security controls such as schema/contract validation, request filtering, threat protections, rate limiting, and throttling. Drive API discovery and inventory capabilities to identify and govern “shadow” and “zombie” APIs and establish processes to bring them under security review and lifecycle management. Perform and automate security testing aligned to the OWASP API Security Top 10, including authorization failures such as BOLA/BFLA. Assess API exposure and abuse risk, including authentication/authorization weaknesses, object access patterns, input validation issues, data leakage, and business logic abuse. Help implement protections against abuse of exposed endpoints, including bot/automation defenses, scraping prevention, and volumetric misuse controls. RASP & Runtime Active Defense (In‑Process Instrumentation) Deploy, configure, and tune runtime security solutions (such as RASP) integrated into application runtimes (e.g., JVM, .NET CLR) to monitor execution and defend against attacks in production. Establish safe rollout patterns (detect‑only → tuned detection → selective enforcement), with guardrails to minimize performance impact and avoid breaking application behavior. Analyze runtime telemetry to identify attack patterns such as injection attempts, exploitation chains, abnormal access behavior, and policy violations. Tune runtime protections based on observed application behavior and threat patterns, with a focus on reducing exploitability while supporting development teams in achieving long‑term remediation. Collaborate closely with developers and architects to ensure runtime protections complement, rather than replace, secure design and code‑level fixes. Security Engineering & Collaboration Build and maintain metrics that reflect meaningful security outcomes, such as coverage, false‑positive rate, exploit validation rate, time‑to‑triage, and time‑to‑remediation. Develop automation, integrations, scripts, and lightweight internal tooling to improve testing coverage, reduce manual effort, and extend security capabilities where needed. Create documentation, templates, and self‑service enablement that help engineering teams adopt secure patterns and scale security practices. Support application/API‑related security investigations by providing technical analysis, exploit context, and remediation guidance. Qualifications / Requirements / Skills 5+ years (or equivalent) of experience in application security, product security, offensive security, or secure software engineering with strong hands‑on technical depth. Strong hands‑on experience in web application and API security, including vulnerability identification, exploit validation, remediation support, and secure design considerations. Demonstrated ability to evaluate, implement, and operationalize AI‑assisted security tooling/workflows (build vs. buy), with a focus on measurable improvements in signal quality, coverage, and remediation efficiency. Demonstrated experience scaling DAST and automated dynamic testing, including authenticated scanning, scan tuning, and CI/CD integration. Strong expertise in API security, including OAuth2/OIDC, JWT, API gateways, authorization testing, and testing techniques for REST and GraphQL APIs. Practical experience implementing and tuning RASP or similar in‑process runtime protections in production environments. Deep understanding of the OWASP Top 10 and OWASP API Security Top 10, especially authorization failures (BOLA/BFLA), injection, SSRF, deserialization, security misconfiguration, and business logic abuse. Ability to write code and build technical solutions to automate workflows, develop integrations, create test harnesses/utilities, or build lightweight internal security tools when needed. Proficiency in one or more scripting/programming languages such as Python, Go, JavaScript, or Bash, with demonstrated ability to apply coding skills to security engineering problems. Strong understanding of modern application architectures, including APIs, microservices, cloud‑native design patterns, authentication flows, and runtime environments. Working knowledge of cloud‑native platforms and production concepts (containers, Kubernetes, observability/logging/tracing), with the ability to use that knowledge in support of application security engineering. Strong communication skills and the ability to translate security findings into clear, prioritized engineering actions for developers and stakeholders. Nice‑to‑Haves / Preferred or Desired Skills Experience developing internal security tools, custom integrations, reusable libraries, or testing frameworks to extend AppSec capabilities. Background in offensive security, adversarial testing, bug bounty, web exploitation, or vulnerability research. Experience applying analytics/ML concepts to security telemetry (behavior baselining, anomaly detection, clustering/deduplication) for APIs and runtime signals. Familiarity with AI‑assisted secure SDLC use cases such as code/query generation for test cases, guided threat modeling, and intelligent fuzzing, with strong validation practices. Experience defining quality metrics for AI outputs (precision/recall proxies, FP/FN tracking, drift detection) and operating feedback loops. Experience with API discovery platforms and managing shadow/zombie API reduction programs (inventory, ownership, governance workflows). Hands‑on experience with GraphQL‑specific risks, including introspection exposure, depth/complexity attacks, and field‑level authorization weaknesses. Experience designing safe enforcement strategies for production protections, including progressive rollout, canarying, SLO awareness, and performance testing. Familiarity with service mesh patterns (mTLS, traffic policies) and edge protections (WAF/WAAP concepts) as they relate to API protection. Relevant certifications such as OSWE, GIAC GWAPT/GWEB, or similar hands‑on application security credentials. Salary and Location Weekly Hours: 40 Time Type: Regular Location: Alpharetta, Georgia; Atlanta, Georgia; Bedminster, New Jersey; Bothell, Washington; Dallas, Texas; Middletown, New Jersey; USA: NC: Charlotte / Research Dr - Dat: 9139 Research Dr Salary Range: $141,300.00 - $237,400.00 Benefits Medical/Dental/Vision coverage 401(k) plan Tuition reimbursement program Paid Time Off and Holidays (at least 23 days of vacation each year and 9 company‑designated holidays) Paid Parental Leave Paid Caregiver Leave Additional sick leave beyond what state and local law require may be available but is unprotected Adoption Reimbursement Disability Benefits (short‑term and long‑term) Life and Accidental Death Insurance Supplemental benefit programs: critical illness/accident hospital indemnity/group legal Employee Assistance Programs (EAP) Extensive employee wellness programs Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available), and AT&T phone Equal Employment Opportunity Statement It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made. #J-18808-Ljbffr AT&T

Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security in Bedminster, NJ vacancy
  • AT&T is seeking an Application Security Engineer for a key role in enhancing the security of applications and APIs. The ideal candidate will have extensive hands-on experience in DAST, API security engineering, and scripting/programming to automate security processes. This... 
    Suggested

    AT&T

    Bedminster, NJ
    3 days ago
  • $47 - $52 per hour

     ...Responsibilities Support product security activities for medical devices, including...  ...management principles and integrate cybersecurity risks into safety analyses such as FMEA...  ...cybersecurity premarket guidance and other applicable regulatory standards. Perform threat... 
    Suggested

    Cynet Systems

    Raritan, NJ
    3 days ago
  • $110k - $186k

     ...quickly, reliably, and securely. Any time you swipe...  ...Fiserv. Job Title API Security Engineer About your role:...  ...-end, design through runtime, using cutting-edge...  ..., SRE, platform, and application teams with clear communication...  ...experience and leads to stronger... 
    Suggested
    Contract work
    Temporary work
    H1b
    Work at office
    Monday to Friday

    Fiserv

    Berkeley Heights, NJ
    3 days ago
  • A leading technology firm is seeking a Cloud Security Engineer to secure a government client's cloud environment. The ideal candidate will have extensive Azure experience and cyber security skills, with responsibilities including implementing security controls and enabling... 
    Suggested
    Remote job

    Highbrow LLC

    Berkeley Heights, NJ
    5 days ago
  •  ...Job Title: Cloud Security Engineer Job Location: Berkeley Heights,...  ...by identifying network and application security requirements, implementing...  .... • Enable Cloud Cybersecurity controls and compliance requirements...  ...and function as an overall lead managing end to end... 
    Suggested
    Work at office
    Local area
    Relocation

    Veracity

    Berkeley Heights, NJ
    4 days ago
  • $90k - $158.4k

     ...quickly, reliably, and securely. Any time you...  ...Cyber Security Engineer About your role...  ..., cloud, and application services, leveraging...  ...understanding of cybersecurity principles, threat...  ...automation, APIs, software development...  ...onboarding experience and leads to stronger... 
    Temporary work
    H1b
    Work at office
    Monday to Friday

    Fiserv

    Berkeley Heights, NJ
    2 days ago
  •  ...Moore & Van Allen PLLC, a dynamic and fast-growing full-service...  ...an experienced Business Application Analyst/Engineer to join our team. The Business...  ...Ensure data quality, security, and process compliance...  ...configuration, integrations, and API Integrations Familiarity... 
    Remote work

    Moore & Van Allen

    Whitehouse Station, NJ
    16 days ago
  • A technology solutions company is seeking a Security Engineer to architect and maintain build and deployment automation specifically for Azure...  ...implementing modern DevOps solutions, this position offers a long-term opportunity in a dynamic setting. #J-18808-Ljbffr Highbrow

    Highbrow

    Berkeley Heights, NJ
    2 days ago
  • Senior Application Engineer (Front-end and Back-end) Full-time Our client, an award-winning cyber bullying solution provider, is seeking full-time...  ...: Ability to write code that can access multiple APIs in parallel with scalable architecture Proficient in Node.js... 
    Full time

    Maania Consultancy Services

    Bedminster, NJ
    3 days ago
  •  ...leader in Fintech and payments, is seeking a Data Protection Security Engineer in Berkeley Heights, New Jersey. The role requires...  ...protect sensitive data. Candidates should have over 6 years of cybersecurity experience, familiarity with PAM and IAM technologies, and... 

    Shoptalk

    Berkeley Heights, NJ
    1 day ago
  •  ...Senior Cloud Security Engineer Location: Whitehouse Station, NJ or Philly - Hybrid Duration: 6 months Job description We are looking...  ...Partnering with Engineering, Infrastructure Services, and Application Development organizations to choose appropriate technology solutions... 

    Georgia IT Inc

    Whitehouse Station, NJ
    3 days ago
  •  ...NAVA Software is looking for a Security Engineer Details: Security Engineer...  ...with peer groups and Solution Architects, Application Owners and Developers in the Business Units...  ...Connect, Oauth ~ Ability to use Ping Federate and Ping Access admin API... 
    Full time

    Nava Software Solutions

    Berkeley Heights, NJ
    3 days ago
  • $105k - $151k

     ...If you are unable to complete this application due to a disability, contact this employer...  ...alternative application process. Senior Security Engineer - Job ID 3104 Regular Full-Time Technical...  ...and update SIRP response plans and lead incident response teams. Monitor system... 
    Full time
    Temporary work
    For contractors
    Work experience placement
    Work at office

    iconectiv

    Bridgewater, NJ
    9 hours ago
  •  ...Security Engineer Job ID: 2023-12074 Job Location: Alpharetta, GA (preferred), Frisco, TX (#2...  ...maintain build and deployment automation applications for cloud – specifically Azure Drive...  ...infrastructure as code for setting up the Ping runtime environment Deliver expert level... 

    Highbrow

    Berkeley Heights, NJ
    5 days ago
  • $120k - $200k

    A leading technology firm is seeking Software Engineers for roles at junior, intermediate, or senior levels...  ...in developing system applications for data center monitoring and security. Ideal candidates should...  ...science fundamentals. Join a dynamic, growing organization... 

    P. Chappel Associates, Inc.

    Basking Ridge, NJ
    4 days ago
  •  ...is looking for a Cloud Security Architect Details...  ...(recommended): Sc-100 Cybersecurity Architect, Sc-300...  ...AZ-500 Azure Security Engineer. Crowdstrike Falcon...  ...Security Solutions. Lead architecture reviews...  ...protection, SIEM/SOAR, and application testing.... 
    Full time

    Nava Software Solutions

    Berkeley Heights, NJ
    2 days ago
  • $105k - $151k

    Iconectiv, Llc. is looking for a Senior Security Engineer in Bridgewater, NJ, offering a competitive salary range between $105,000 to $151,000 annually. The role focuses on security monitoring, incident response, and developing security policies. Candidates should have... 
    Work experience placement
    Work at office

    Iconectiv,-Llc.

    Bridgewater, NJ
    2 days ago
  • $120.5k - $231k

     ...people who anticipate, lead, and believe that listening...  ...The Verizon Network Security team is looking for a...  ...experienced Principal Engineer to join the Net-Sec Defense...  ..., particularly the application of CIS Benchmarks (Level...  ...Expertise in using Python, API, Ansible, or Terraform-... 
    Full time
    Temporary work
    Part time
    Work experience placement
    Work at office
    Work from home
    Shift work
    3 days per week

    Verizon

    Basking Ridge, NJ
    8 days ago
  • Job Title: Sr. Cloud Security Architect Job ID: 2024-13094 Job Location...  ...Cloud Security Solutions Lead architecture reviews for...  ...protection, SIEM/SOAR, and application testing. Create infosec requirements...  ...security needs. Monitor cybersecurity policies, compliance... 
    Permanent employment
    Local area
    Relocation

    Highbrow LLC

    Berkeley Heights, NJ
    4 days ago
  • $35 per hour

     ...Job Title : Application Engineer Location : Bridgewater, NJ Contractor Work Model : Onsite Hours : M-F 8am-5pm Compensation : $35.00/hr Type...  ...project team with ability to communicate directly with customers. Leads ongoing harmonization and administration of laboratory test... 
    Permanent employment
    Contract work
    For contractors
    Local area

    System One

    Bridgewater, NJ
    2 days ago
  • Iconectiv,-Llc. is seeking a Senior Security Engineer in Bridgewater Township, NJ to oversee security engineering tasks and enhance application security. The ideal candidate will conduct security assessments, manage incident responses, and ensure system protection against... 
    Work at office

    Iconectiv,-Llc.

    Bridgewater, NJ
    2 days ago
  • Dormont Manufacturing Co is seeking a Cybersecurity Specialist in Berkeley Heights, NJ, to safeguard sensitive data and defend network systems against threats. You will implement advanced security measures and work alongside experts to develop and deploy security solutions... 
    Full time

    Dormont Manufacturing Company

    Berkeley Heights, NJ
    5 days ago
  •  ...Senior Cloud Security Engineer We’re hiring a Senior Cloud Security Engineer to serve as the dedicated owner of cloud security remediation...  ...Entra ID (Azure Entra): app registrations and Enterprise Application permissions, consent governance, service principals and managed... 

    United IT

    Warren, NJ
    4 days ago
  •  ...Job Title: Senior Cloud Security Engineer Location: Warren NJ (Hybrid) Required: ~ Bachelor's degree in Computer science...  ..., and stakeholder management skills. ~ Ability to lead technical discussions, architecture reviews, and cross-functional... 

    Lorven Technologies

    Warren, NJ
    4 days ago
  • System One in Bridgewater, NJ is looking for an Application Engineer to support the Packaging segments at their Technical Center. Key responsibilities include operating pilot machines, performing lab tests, and preparing reports for customers. The ideal candidate will... 

    System One

    Bridgewater, NJ
    4 days ago
  • $87k - $120k

     ...coatings, supporting film-based applications and new business...  ...through commercialization. Lead lab-based development, including...  ...Chemical, Mechanical, or Materials Engineering, Chemistry, or similar field....  ...comfortable working independently in a dynamic environment. ~ Travel... 
    Minimum wage
    Full time
    Local area
    Flexible hours

    Henkel

    Bridgewater, NJ
    a month ago
  • Job Title: Application Programmer Lead (C#) Job ID: 2024-13036 Job Location: Omaha, NE, Berkeley Heights...  ...Responsibilities: Develop and deploy APIs, websites, and related software into...  ...HTML frameworks like Angular or React. Security: Deep understanding of Azure security... 
    Permanent employment
    Local area
    Relocation

    Highbrow

    Berkeley Heights, NJ
    2 days ago
  • A dynamic tech company based in the United States is seeking a skilled Application Programmer Lead (C#) to develop and deploy APIs and websites in the Azure cloud. The ideal candidate will have over 5 years of experience as a Lead .NET Application Developer, proficiency... 

    Highbrow

    Berkeley Heights, NJ
    2 days ago
  •  ...Solutions Engineer – Reston, VA Are you ready to take...  ...help revolutionize how cybersecurity is managed in large...  ...acquired a significant lead in the marketplace with...  ...Basic understanding of API’s and web services (...  ...environment FAIR information security and operations risk... 
    Work at office

    P. Chappel Associates Inc

    Basking Ridge, NJ
    1 day ago
  •  ...Security Architect Location: Santa Clara CA / Bridgewater NJ / Seattle WA / Charlotte NC (Must work from any of client locations) Duration: Fulltime Job Description: Drive technical discussions with customer. Understand business requirements and able... 
    Full time

    Zortech Solutions

    Bridgewater, NJ
    3 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security. Be the first to apply!