Application Security Engineer (REMOTE)

EnerSys is a global leader in stored energy solutions for industrial applications. We have over thirty manufacturing and assembly plants worldwide servicing over 10,000 customers in more than 100 countries. Worldwide headquarters are located in Reading, PA, USA with regional headquarters in Europe and Asia. We complement our extensive line of Motive Power and Energy Systems with a full range of integrated services and systems. With sales and service locations throughout the world, and over 100 years of battery experience, EnerSys is the power/full solution for stored DC power products. What We’re Offering Paid time off plus paid holidays Medical/dental/vision insurance plan Life insurance, short/long term disability, tuition reimbursement, flex spending, and employee stock purchase plan 401K plan Culture: We value and strive for excellence in all that we do through innovative technology by creating long lasting relationships with our stakeholders, co-workers, and customers. We continually strive to foster teamwork, engagement and enhance our employee’s skills and competence by providing appropriate training. Compensation Range: $117,200 - $146,600 Compensation may vary based on applicant's work experience, education level, skill set, and/or location. Job Purpose The Application Security Engineer is responsible for strengthening the security of our applications, platforms, and development processes. This position partners with software engineers, DevOps teams, and security professionals to embed security into the full software development lifecycle. Collaborate within an expanding Cybersecurity team, and work closely with internal EnerSys teams to ensure new and continued compliance with cybersecurity frameworks and required programs and initiatives.Essential Duties and Responsibilities • Serve as a primary liaison between the Cybersecurity and development teams, ensuring security is integrated into design, development, deployment, and operations.• Conduct application security assessments, code reviews, API testing, threat modeling, and penetration testing to identify vulnerabilities.• Define, maintain, and enforce secure coding standards, patterns, and best practices.• Integrate and manage security tooling within CI/CD pipelines, including SAST, DAST, SCA, IaC scanning, and container security solutions.• Support secure architecture reviews for cloud‑native applications, microservices, and containerized workloads.• Support threat modeling, risk assessments, and security architecture reviews for applications.• Ensure that all security practices meet regulatory and compliance requirements.• Develop and deliver cybersecurity training programs for development teams to promote awareness and adherence to best practices.• Ensure application security practices align with regulatory and compliance frameworks (e.g., NIST CSF, ISO 27001, IEC 62443).• Keep up to date on emerging threats, incorporating threat intelligence into security practices and providing proactive defenses.• Monitor and respond to application security threats, incidents and vulnerabilities.• Stay up to date on regulatory developments and industry trends.• Manage and maintain third-party vendor and consultant relationships .• Perform other duties as assigned. SUPERVISORY RESPONSIBILITIES: N/AQualifications To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Must have an active passport and be willing to travel internationally. Required Qualifications Bachelor’s degree in a technical field (e.g., Computer Science, Information Systems, Cybersecurity). 5+ years of experience in Information Security, with at least 3 years focused on application security, secure development, or DevSecOps. Demonstrated experience building and scaling an application security program, either as the lead or a key contributor. Strong knowledge of OWASP Top 10, OWASP ASVS, SANS Top 25, and secure SDLC methodologies. Hands-on experience with application security testing tools such as Burp Suite, Fortify, Checkmarx, Veracode, and ZAP. Experience conducting threat modeling, penetration testing, secure software development, and secure architecture reviews. Practical experience securing cloud environments (AWS or Azure) and implementing cloud-native security controls. Familiarity with Kubernetes security, container hardening, and runtime protection. Strong communication skills with the ability to collaborate and influence across technical and non-technical teams. Preferred Qualifications Relevant certifications such as CISSP, CSSLP, OSCP, GWAPT, CEH, or GIAC Cloud Security. Experience securing embedded systems and mobile applications. Reasoning Ability• Problem management / resolution skills; project management skills; generally accepted security principles.• Ability to analyze data, resources, and schedules to make decisions that affect a project on a regular basis.TRAVEL REQUIRED: Up to 15%General Job Requirements This position will work in an office setting, expect minimal physical demands. EnerSys provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Know Your Rights Know Your Rights (Spanish) We use artificial intelligence to screen, assess and select applicants for open positions, including for the purposes of reviewing and ranking application materials and scoring answers to application questions. Accordingly, decisions about your application and eligibility for employment with EnerSys may be made based exclusively on the automated processing of the personal information that you submit in your application materials.