Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security

$128.4k - $192.6k
Full-time

AT&T

This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered. Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future-you’ll create it. We are seeking an Application Security Engineer to strengthen the security of our applications and APIs through a combination of dynamic application security testing (DAST), runtime application self-protection (RASP), and API security engineering. This is an application security engineering role, not a traditional security operations position. The ideal candidate is a security-minded engineer with strong hands-on experience in web application and API security, who understands modern application attacks and can translate that understanding into practical testing, protection, and remediation strategies. This role sits at the intersection of AppSec engineering and production defense, with responsibility for identifying exploitable vulnerabilities both before deployment and while applications are running in production, reducing risk from active attacks, misuse, and exposed application behavior. This candidate will also evaluate and implement AI-assisted security capabilities to improve coverage, prioritization, and speed — such as intelligent scan orchestration, alert triage, anomaly detection for API abuse, and developer-facing remediation guidance — while ensuring results are valid, measurable, explainable, and safe for production use. Job Summary: You will own and scale dynamic security capabilities across the Software Delivery Lifecycle (SDLC) and production, with a strong emphasis on: DAST automation and integration into CI/CD pipelines RASP and in-process runtime protection (e.g., JVM/.NET CLR instrumentation) API Security engineering for internal and external/internet-facing endpoints, including edge/API gateway protections and continuous API discovery (shadow/zombie APIs) This role is best suited for a candidate with an application security mindset first: someone who can assess real-world exploitability, validate findings, work directly with developers on durable remediation, and build or extend automation in code when existing tooling does not fully solve the problem. You’ll partner closely with security teams, platform teams, and developers to define policy, deploy controls safely, tune security tool detections, reduce false positives, and measurably improve security outcomes. Detailed Job Description: This role focuses on active defense for web applications and APIs through a combination of security testing, runtime instrumentation, and API protection. The candidate will help design and mature security programs that combine: Dynamic application and API testing to identify exploitable vulnerabilities, logic weaknesses, and misconfigurations as early as possible Runtime protection and instrumentation via runtime security principals and tools such as RASP to detect and, where appropriate, block exploit attempts in production, with an emphasis on protecting API traffic, application workflows, and business logic API security capabilities such as API gateway onboarding and policy enforcement, abuse prevention (e.g., scraping/bots), technical reviews and deep-dives, and continuous discovery of undocumented, unmanaged, or exposed APIs Success in this role requires deep application security knowledge — including web and API attack patterns, authentication and authorization weaknesses, exploitability analysis, and vulnerability remediation — as well as ability to script, automate, integrate, and build lightweight solutions when commercial tooling is insufficient. The right candidate will be comfortable moving between hands-on security testing, technical analysis, developer partnership, and security engineering automation, with a focus on reducing meaningful application risk. Key Responsibilities: AI-Assisted Security Engineering Identify practical opportunities to apply AI-assisted approaches across DAST, API testing, runtime telemetry, and security workflows (e.g., prioritization, correlation, anomaly detection, automated enrichment, and remediation support). Implement AI-enabled workflows to reduce false positives, improve triage efficiency, and accelerate remediation (e.g., intelligent deduplication, exploitability scoring, and auto-generated developer guidance with human review). Partner with platform and engineering teams to integrate AI-assisted and automated security capabilities into pipelines and operational processes in a measurable, repeatable, and secure way. DAST & Dynamic Testing (Scale and Automation) Own the DAST lifecycle, including onboarding, authenticated scanning, scan orchestration, environment readiness, tuning, and false-positive reduction. Integrate DAST and automated API testing into CI/CD pipelines using repeatable, maintainable security-as-code patterns. Create standards and runbooks for scan profiles, test data, authentication/session handling, and release readiness criteria. Perform triage and validate exploitability of findings, distinguishing between theoretical issues and meaningful application risk. Translate findings into clear, actionable developer remediation guidance, and partner with teams to verify effective fixes. API Security Engineering (Internet-Facing, Gateway, Discovery) Partner with API gateway and edge teams to implement and tune security controls such as schema/contract validation, request filtering, threat protections, rate limiting, and throttling. Drive API discovery and inventory capabilities to identify and govern “shadow” and “zombie” APIs and establish processes to bring them under security review and lifecycle management. Perform and automate security testing aligned to the OWASP API Security Top 10, including authorization failures such as BOLA/BFLA. Assess API exposure and abuse risk, including authentication/authorization weaknesses, object access patterns, input validation issues, data leakage, and business logic abuse. Help implement protections against abuse of exposed endpoints, including bot/automation defenses, scraping prevention, and volumetric misuse controls. RASP & Runtime Active Defense (In-Process Instrumentation) Deploy, configure, and tune runtime security solutions (such as RASP) integrated into application runtimes (e.g., JVM, .NET CLR) to monitor execution and defend against attacks in production. Establish safe rollout patterns (detect-only → tuned detection → selective enforcement), with guardrails to minimize performance impact and avoid breaking application behavior. Analyze runtime telemetry to identify attack patterns such as injection attempts, exploitation chains, abnormal access behavior, and policy violations. Tune runtime protections based on observed application behavior and threat patterns, with a focus on reducing exploitability while supporting development teams in achieving long-term remediation. Collaborate closely with developers and architects to ensure runtime protections complement, rather than replace, secure design and code-level fixes. Security Engineering & Collaboration Build and maintain metrics that reflect meaningful security outcomes, such as coverage, false-positive rate, exploit validation rate, time-to-triage, and time-to-remediation. Develop automation, integrations, scripts, and lightweight internal tooling to improve testing coverage, reduce manual effort, and extend security capabilities where needed. Create documentation, templates, and self-service enablement that help engineering teams adopt secure patterns and scale security practices. Support application/API-related security investigations by providing technical analysis, exploit context, and remediation guidance. Qualifications / Requirements / Skills: 5+ years (or equivalent) of experience in application security, product security, offensive security, or secure software engineering with strong hands-on technical depth. Strong hands-on experience in web application and API security, including vulnerability identification, exploit validation, remediation support, and secure design considerations. Demonstrated ability to evaluate, implement, and operationalize AI-assisted security tooling/workflows (build vs. buy), with a focus on measurable improvements in signal quality, coverage, and remediation efficiency. Demonstrated experience scaling DAST and automated dynamic testing, including authenticated scanning, scan tuning, and CI/CD integration. Strong expertise in API security, including OAuth2/OIDC, JWT, API gateways, authorization testing, and testing techniques for REST and GraphQL APIs. Practical experience implementing and tuning RASP or similar in-process runtime protections in production environments. Deep understanding of the OWASP Top 10 and OWASP API Security Top 10, especially authorization failures (BOLA/BFLA), injection, SSRF, deserialization, security misconfiguration, and business logic abuse. Ability to write code and build technical solutions to automate workflows, develop integrations, create test harnesses/utilities, or build lightweight internal security tools when needed. Proficiency in one or more scripting/programming languages such as Python, Go, JavaScript, or Bash, with demonstrated ability to apply coding skills to security engineering problems. Strong understanding of modern application architectures, including APIs, microservices, cloud-native design patterns, authentication flows, and runtime environments. Working knowledge of cloud-native platforms and production concepts (containers, Kubernetes, observability/logging/tracing), with the ability to use that knowledge in support of application security engineering. Strong communication skills and the ability to translate security findings into clear, prioritized engineering actions for developers and stakeholders. Nice-to-Haves / Preferred or Desired Skills: Experience developing internal security tools, custom integrations, reusable libraries, or testing frameworks to extend AppSec capabilities. Background in offensive security, adversarial testing, bug bounty, web exploitation, or vulnerability research. Experience applying analytics/ML concepts to security telemetry (behavior baselining, anomaly detection, clustering/deduplication) for APIs and runtime signals. Familiarity with AI-assisted secure SDLC use cases such as code/query generation for test cases, guided threat modeling, and intelligent fuzzing, with strong validation practices. Experience defining quality metrics for AI outputs (precision/recall proxies, FP/FN tracking, drift detection) and operating feedback loops. Experience with API discovery platforms and managing shadow/zombie API reduction programs (inventory, ownership, governance workflows). Hands-on experience with GraphQL-specific risks, including introspection exposure, depth/complexity attacks, and field-level authorization weaknesses. Experience designing safe enforcement strategies for production protections, including progressive rollout, canarying, SLO awareness, and performance testing. Familiarity with service mesh patterns (mTLS, traffic policies) and edge protections (WAF/WAAP concepts) as they relate to API protection. Relevant certifications such as OSWE, GIAC GWAPT/GWEB, or similar hands-on application security credentials. Supervisor: No Our Lead Cybersecurity earns between $128,400-$192,600 USD Annual Not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training. Joining our team comes with amazing perks and benefits: Medical/Dental/Vision coverage 401(k) plan Tuition reimbursement program Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays) Paid Parental Leave Paid Caregiver Leave Additional sick leave beyond what state and local law require may be available but is unprotected Adoption Reimbursement Disability Benefits (short term and long term) Life and Accidental Death Insurance Supplemental benefit programs: critical illness/accident hospital indemnity/group legal Employee Assistance Programs (EAP) Extensive employee wellness programs Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone. #LI-Onsite – Full-time office role- Ready to join our team? Apply today Our Lead Cybersecurity jobs earn between $141,300.00 - $237,400.00 USD Annual. Not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training. Joining our team comes with amazing perks and benefits: Medical/Dental/Vision coverage 401(k) plan Tuition reimbursement program Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays) Paid Parental Leave Paid Caregiver Leave Additional sick leave beyond what state and local law require may be available but is unprotected Adoption Reimbursement Disability Benefits (short term and long term) Life and Accidental Death Insurance Supplemental benefit programs: critical illness/accident hospital indemnity/group legal Employee Assistance Programs (EAP) Extensive employee wellness programs Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone Weekly Hours: 40 Time Type: Regular Location: Alpharetta, Georgia, Atlanta, Georgia, Bedminster, New Jersey, Bothell, Washington, Dallas, Texas, Middletown, New Jersey, USA:NC:Charlotte / Research Dr - Dat:9139 Research Dr Salary Range: $141,300.00 - $237,400.00 It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made. We are pioneers of making connections and have been ever since Alexander Graham Bell invented the telephone and founded our company. That was nearly 150 years ago, and we haven’t stopped innovating since. At our core, we help bring families, communities, and businesses together with the products and services they need to thrive every day. From the widespread and growing availability of 5G and Fiber to working on things we once only dreamed of—at AT&T, we create connections that change the world.

Vacancy posted 1 day ago
Similar jobs that could be interesting for youBased on the Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security in Dallas, TX vacancy
  •  ...world. Our Chief Security Office ensures...  ...and master cybersecurity to stay ahead...  ...are seeking an Application Security Architect...  ...model-serving APIs, and AI...  ...with AI security engineering to reduce risk...  ...governance - and lead AI Security...  ...deployment, and runtime validation.... 
    Suggested
    Full time
    Work at office
    Relocation

    AT&T

    Dallas, TX
    1 day ago
  •  ...Job Summary The Senior Security Engineer will be responsible for strengthening...  ...the security posture of the applications within Equinix. This role...  ...and Analytics platforms Lead threat modeling for pipeline...  ...i.e. SonarQube, Semgrep) ~ API security (Salt, Traceable,... 
    Suggested
    Full time
    Contract work
    Traineeship
    Work experience placement
    Internship
    Shift work

    Equinix

    Dallas, TX
    a month ago
  •  ...Role as a Cloud Security/Penetration Test Engineer We are seeking...  ...Engineer to join our dynamic team. This is a...  ..., manual web application testing and...  ...data encryption, API security, and...  ...responsible for leading and managing...  ...penetration testing, cybersecurity, with at least... 
    Suggested
    Remote job
    Work experience placement
    Casual work
    Work at office
    Local area
    Flexible hours
    Shift work
    Weekend work
    Afternoon shift

    Appspace

    Dallas, TX
    1 day ago
  • $145.2k - $236.7k

     ...be considered for this position, applications and resumes are accepted only through...  .... What Youll Do: Join our dynamic Security Engineering team as a Lead Associate Principal Cloud Security...  ...impact on our organizations cybersecurity posture. In this role, youll be responsible... 
    Suggested
    Local area
    Remote work
    2 days per week

    DiversityJobs Inc

    Dallas, TX
    2 hours ago
  •  ...the way. Job Title: Cloud Security Engineer Reports To: Director of Cybersecurity & Compliance FLSA Status: Exempt...  ..., Microsoft 365 (M365), and Dynamics 365 (D365). This role focuses...  ...cloud-native workloads and SaaS applications, and partner with IT, DevOps, and... 
    Suggested
    Work at office
    Remote work
    Work from home

    Meriton

    Irving, TX
    4 days ago
  • $115.5k - $135.5k

     ...immediately hiring a Senior Security Engineer Position type: Permanent...  ...Endpoint security, Cloud and application security, Data Security and...  ...SentinelOne, an AI-Powered Enterprise Cybersecurity platform Understanding with Static and Dynamic code testing tools would be... 
    Permanent employment
    Full time
    Temporary work
    Work experience placement
    Immediate start
    Worldwide
    Flexible hours

    Innova Solutions

    Irving, TX
    4 days ago
  •  ...Systems Engineer II - Security THIS ROLE WILL BE BASED ON-SITE,...  ...is one of the nation's leading homebuilders, dedicated...  ...service accounts), and application-based credentials (API keys, tokens). Engineer...  ...in Computer Science, Cybersecurity, Engineering, or related... 
    Work experience placement
    Live in
    Work at office
    Local area

    Lennar

    Irving, TX
    2 days ago
  • Goldman Sachs Group, Inc. is seeking a Lead Information Security Officer for its Asset Management in...  ...This critical role involves overseeing cybersecurity risk, managing Governance, Risk &...  ...The position offers opportunities in a dynamic environment focused on securing client... 

    Goldman Sachs Group, Inc.

    Dallas, TX
    1 day ago
  • A cybersecurity consultancy is seeking a Principal Consultant to drive technical relationships, guide teams on project processes, and articulate business requirements into security features. This fully remote position requires extensive experience in technical architecture... 
    Remote job

    Optiv

    Dallas, TX
    18 days ago
  •  ...We are accepting applications for our very own DoD...  ...Digital Information Security Engineering team is seeking a transitioning...  ...automation, secure API development, cloud...  ...review Static and dynamic analysis Data, AI...  ..., or self-study): Cybersecurity operations... 
    Full time
    Contract work
    Traineeship
    Internship
    Flexible hours

    Equinix

    Dallas, TX
    a month ago
  • $130k - $220k

    Overview The Senior Cyber Security Engineer will lead and execute security initiatives across the application lifecycle, integrating security...  ...Security Testing (SAST) and Dynamic Application Security Testing...  ...vulnerability tracking and reporting. API & Web Application Security... 

    East West Bank

    Dallas, TX
    4 days ago
  • $100k - $110k

     ...Product Security Engineer Full Time Indirect Labor Dallas, TX, US 5 days ago Requisition ID: 2188 Salary Range: $100,000.00 To $110,000.00...  ...initiatives. In partnership with the Group Product Security team, lead local investigations into suspected breaches, counterfeiting... 
    Full time
    Temporary work
    For subcontractor
    Local area
    Flexible hours

    Cartamundi -Dallas,TX

    Dallas, TX
    1 day ago
  •  ...seeking a AI Security Architect - Dallas...  .... The role leads technically, sets...  ..., and guides engineers day‑to‑day...  ..., connectors, APIs, templates) to...  ...Sandboxing - design runtime environments...  ...AI and LLM application stacks (RAG, tools...  ...and automate cybersecurity posture (... 
    For subcontractor

    NTT DATA, Inc.

    Dallas, TX
    3 days ago
  •  ...Senior Application Support Engineer Are you ready to make an impact at DTCC? Do...  ...projects, collaborate with a dynamic and supportive team, and...  ...Technology group delivers secure, reliable technology solutions...  ...systems Understanding of APIs, distributed systems, and... 
    Permanent employment
    Remote work
    Flexible hours
    Weekend work

    Dtcc

    Dallas, TX
    4 days ago
  •  ...Sachs Group, Inc. is seeking a Vice President for Security Engineering in Dallas, Texas. You will perform application security assessments, including code reviews...  ...role requires a Master's or Bachelor's degree in Cybersecurity or related field and significant experience in... 

    Goldman Sachs Group, Inc.

    Dallas, TX
    3 days ago
  • $116.03k - $140k

     ...experienced Staff Information Security Engineer to join us in a full...  ...the protocol, Web Application Firewall (WAF)...  ...testing, and APIs Understanding of...  ...the-art connectivity, cybersecurity, voice, cloud and colocation...  ...backed by industry-leading service and reliability... 
    Full time
    Work at office
    Immediate start
    Remote work
    Flexible hours
    2 days per week

    Segra

    Dallas, TX
    17 hours ago
  • Cartamundi is seeking a Product Security Engineer in Dallas, TX to ensure the safety of intellectual property related to collectible trading cards. This role requires a combination of legal, technical, and operational expertise to prevent theft and counterfeiting. You'll... 

    Cartamundi -Dallas,TX

    Dallas, TX
    2 days ago
  • Infineon Technologies AG is seeking a Senior Staff Engineer in Security Digital Design based in Dallas, Texas. This role merges creativity...  ...efficient solutions. With at least 5 years of experience, applicants should possess strong problem-solving skills and a sense of... 

    Infineon Technologies AG

    Dallas, TX
    5 days ago
  • A leading cybersecurity firm is seeking a Senior Cyber Security Engineer to enhance IAM and Secrets Management capabilities. This role involves strategic support, collaboration for technology implementation, and automation of processes. The ideal candidate has over 5 years... 

    Novacoast

    Dallas, TX
    4 days ago
  •  ...Cloud Security Engineer Greenberg Traurig (GT), a global law firm with locations across the world in 15 countries, has an exciting employment...  ...'s degree in computer science, Information Technology, Cybersecurity, or equivalent experience Typically, 5–7 years of... 

    Greenberg Traurig

    Dallas, TX
    5 days ago
  •  ...comprehensive network and security architectures for mission-critical...  ...with network and system engineering teams to embed secure-by-...  ...servers, databases, and applications meet hardened configuration...  ...qualifications: - Bachelor's Degree in Cybersecurity, Computer Science,... 
    Permanent employment
    Temporary work
    Work experience placement
    Remote work

    Randstad Digital

    Irving, TX
    17 hours ago
  • $110k - $125k

     ...the top of the range.The **Security Engineer I** plays a vital role in securing...  .... This position leads security operations including...  ...Improvements:** Review of applications and systems to ensure industry...  ...in Information Security or Cybersecurity.* 5+ years of hands-on experience... 
    Work at office
    Remote work

    Akumin

    Dallas, TX
    1 day ago
  • $160k - $220k

     ...are seeking a Senior Information Security Engineer – Data Security to lead and mature the bank’s data security...  ...across enterprise, cloud, and application environments through strong technical...  ...Bachelor's degree in Cybersecurity, Computer Science, or a related field... 

    East West Bank

    Dallas, TX
    4 days ago
  • Goldman Sachs Group, Inc. is seeking a Security Engineer to enhance cybersecurity posture within their Asset and Wealth Management division. This hands...  ...teams to ensure robust security measures across applications and cloud platforms. The ideal candidate should possess... 

    Goldman Sachs Group, Inc.

    Dallas, TX
    5 days ago
  •  ...Senior Security Engineer Duration: Full Time Location: Cleveland, OH,...  ...proposed by infrastructure and application engineers before high-risk...  ...reviewing Docker image CVEs, runtime security alerts, and container...  ...misconfigurations, and API security gaps providing security... 
    Full time
    Immediate start

    System One Holdings, LLC

    Dallas, TX
    2 days ago
  •  ...Kimley-Horn is seeking a Network Security Engineer to help lead and mature our network security function...  ...This is not a remote position. Applicants must be legally authorized to work...  ...’s degree in Information Security, Cybersecurity, or a related field ~4+ years of... 
    Work visa
    Flexible hours

    Kimley-Horn

    Dallas, TX
    2 days ago
  •  ...Network Security Engineer Immediate need for a talented Network Security...  ...Industry Experience. CyberSecurity SME with experience in SASE...  ...solutions. Our client is a leading Telecom Industry, and we...  ...to all employees and applicants for employment and prohibits... 
    Contract work
    Local area
    Immediate start

    Pyramid Consulting

    Irving, TX
    2 days ago
  • $90k - $115k

     ...Job Title: Security Engineer Location: Dallas, TX Pay: $90,000-$115,000...  ...based collaboration tools and enterprise applications, with a primary focus on Microsoft...  ...experience in a security engineering or cybersecurity-focused role ~ Hands-on... 
    Full time
    Work at office
    Local area

    Addison Group

    Dallas, TX
    5 days ago
  •  ...Cyber Security Analyst Location – Dallas In person Client Interview...  ...and scripting. SKILLS Cybersecurity & Automation Expertise: Requires...  ...of progressive cybersecurity engineering experience with a strong...  ...or Azure), leveraging cloud APIs and security services (AWS Security... 

    Remote Jobs

    Dallas, TX
    2 days ago
  • NTT DATA, Inc. is looking for an AI Security Architect in Dallas, Texas. The successful candidate will...  ...role requires considerable experience in cybersecurity architecture, with a specific focus on securing AI applications and multi-agent frameworks. #J-18808-Ljbffr... 

    NTT DATA

    Dallas, TX
    2 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Lead Cybersecurity - Application Security Engineer - Dynamic, Runtime & API Security. Be the first to apply!