✦ Luna Orbit — Cybersecurity

Lead Application Security Engineer

at Reinsurance Group of America

Unknown 💰 $126K – $188K USD / year Posted April 17, 2026
Salary $126K – $188K USD / year
Type Not Specified
Experience lead
Exp. Years 6+ years
Education Bachelor's Degree in Arts/Sciences (BA/BS) or equivalent experience
Category Cybersecurity

This role leads application security efforts by coordinating external penetration tests and managing remediation workflows across multiple application teams. It runs and configures application security tooling (SAST, DAST, SCA, and secrets scanning) and integrates results into engineering practices so teams can fix what matters most.

  • Coordinate external penetration tests (scoping, scheduling, access, logistics) across application teams
  • Triage and prioritize remediation findings based on risk and business context
  • Operate, tune, and maintain SAST and SCA tooling (rulesets, baselines, false-positive management, integrations)
  • Run and configure DAST scanning with safe testing practices and environment coordination
  • Integrate secrets scanning findings into CI/CD workflows and ticketing/SDLC with SLAs

Hands-on security engineering focusing on CI/CD-integrated security scanning: SAST, DAST, Software Composition Analysis (SCA), and secrets scanning across source control and pipelines. Uses Terraform, Python, Bash, and Jenkins (or equivalent) to tune tools, validate scan results, and drive findings into SDLC and ticketing workflows with SLAs.

The ideal candidate is a lead application security professional with 6+ years of experience in application security, product security, or software engineering with a security focus. They have hands-on experience running SAST, DAST, SCA, and secrets scanning in CI/CD (including Jenkins) and coordinating third-party penetration tests, translating findings into prioritized remediation with clear ownership and SLAs.

  • 6+ years in application security, product security, or software engineering with a security focus
  • Terraform, Python, Bash, CI/CD, Jenkins
  • Running and configuring SAST and SCA tooling in CI/CD or adjacent workflows
  • Running and configuring DAST scanning and validating results with engineering teams
  • Implementing and operating secrets scanning across source control and CI/CD
  • Coordinating and consuming third-party penetration tests
  • Integrating findings into ticketing and SDLC workflows

  • False-positive management
  • Safe testing practices
  • Knowledge of secrets prevention patterns (rotation, vaulting, developer guidance)

External penetration tests, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), SCA (Software Composition Analysis), secrets scanning, Terraform, Python, Bash, CI/CD, Jenkins, OWASP Top 10, web vulnerabilities, API vulnerabilities, risk-based prioritization, false-positive management, rulesets, baselines, Git-based workflows, build pipelines, issue tracking, ticketing, SDLC, SLAs, source control, rotation, vaulting, developer guidance, secure testing practices, environment coordination

Partnering with engineers and product teams, communicating risk clearly, driving alignment on prioritization and timelines, advanced oral and written communication, cross-functional collaboration, stakeholder management, creating standards and guidance, enablement, translating findings into actionable remediation plans

Industry Insurance
Job Function Lead application security tooling and penetration-testing driven remediation across an application portfolio.
Role Subtype Security Engineer
Tech Domains Cybersecurity, Python

Bachelor's Degree in Arts/Sciences (BA/BS) or equivalent experience; 6+ years of application security/product security/software engineering experience with a security focus; hands-on experience with Terraform, Python, Bash, and CI/CD (Jenkins or equivalent); ability to run/configure SAST, DAST, SCA, and secrets scanning in CI/CD or adjacent workflows
