Application Security Engineer

Cybersecurity

Boston, MA

Permanent Placement

Hybrid

$130,000 – $145,000 per Year

Job Overview

This role leads advanced application and cloud security initiatives within a growing cybersecurity function. The position focuses on secure software development practices, cloud security architecture, and driving improvement across engineering teams. Candidates who demonstrate deep technical expertise, proven leadership, and experience building security programs will be prioritized for interviews.

Must Haves

  • 5+ years in application security, cloud security, or related cybersecurity engineering roles
  • Expertise in secure development practices, SSDLC, and modern application architectures
  • Hands-on experience with security testing tools (SAST, DAST, IAST, SCA)
  • Strong cloud security capabilities across major platforms (AWS, Azure, or GCP)
  • Experience designing or maturing DevSecOps programs and CI/CD security controls
  • Ability to lead security projects, mentor engineers, and influence cross-functional teams
  • Strong communication skills with the ability to translate complex security concepts
  • Relevant certifications preferred (such as CISSP, CCSP, CSSLP, GIAC, cloud security specialties)

What the Client Needs You to Do

This role strengthens the organization’s application and cloud security posture by shaping strategy, executing roadmap initiatives, and embedding security throughout development pipelines. You will collaborate with engineering, DevOps, and operational teams to integrate strong controls into daily work, while guiding engineers and promoting a culture of secure design.

Key Responsibilities

  • Design and evolve the application and cloud security program, ensuring alignment with organizational needs
  • Build and maintain a structured SSDLC with security gates, threat modeling, and secure coding standards
  • Develop, test, and implement advanced controls for application and cloud environments
  • Drive adoption and refinement of Cloud Security Posture Management capabilities
  • Integrate code analysis tools into development workflows and support developers with remediation guidance
  • Mentor junior and mid-level engineers through technical coaching and strategic direction
  • Partner closely with development and DevOps teams to embed security into pipelines and deployment processes
  • Conduct and oversee assessments including code reviews, penetration testing, configuration audits, and vulnerability management
  • Research, evaluate, and recommend emerging security tools and architectural approaches
  • Lead incident response efforts for application and cloud-related events, driving rapid mitigation
  • Engage external partners and vendors to align tooling and practices with industry expectations
  • Ensure all practices align with organizational values and demonstrate commitment to continuous improvement
  • Perform additional security-related tasks as assigned

Additional Information

  • Bachelor’s degree in a technical field or equivalent professional experience required; advanced education preferred
  • Strong understanding of modern dev environments, microservices, APIs, and container security
  • Familiarity with common frameworks such as OWASP, NIST CSF, and NIST 800-53
  • Ability to manage large initiatives, communicate across teams, and influence strategic decisions
  • Proficiency with standard productivity tools (e.g., M365)
  • Hybrid schedule required: generally 1–2 days onsite per week depending on business needs
  • Remote work requires a secure, stable, and compliant workspace
  • Standard business hours based on Eastern time

W2 employees of Overture Partners who work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), 401(k) starting on day one, a variety of voluntary benefits including life and disability insurance, and sick time if required by law in the worked-in state/locality.

#25255

