Application Security Engineer - Remote

Are you passionate about securing applications and integrating security into the software development lifecycle? Join our team as an Application Security Engineer, where you'll play a critical role in strengthening our cybersecurity posture. You'll work with cutting-edge tools like SonarQube, GitHub GHAS, JFrog Xray, and Burp Suite to identify and remediate vulnerabilities, configure security testing solutions, and lead secure development training for our engineering teams. If you have a strong technical background in programming, DevSecOps, and security frameworks—and enjoy collaborating with developers to build secure applications—we’d love to hear from you!

WHAT WE CAN OFFER YOU:

• Estimated Salary: $97,000 - $125,000, plus annual bonus opportunity.
• 401(k) plan with a 2% company contribution and 6% company match.
• Work-life balance with vacation, personal time and paid holidays. See our benefits and perks page for details.
• Applicants for this position must not now, nor at any point in the future, require sponsorship for employment.

WHAT YOU'LL DO:

• Perform Security Scans & Analysis – Use tools like SonarQube, GitHub GHAS, JFrog Xray, and Burp Suite to conduct Static (SAST) and Dynamic (DAST) security testing, analyze results, and support developers in remediation.
• Configure & Optimize Security Tools – Set up, fine-tune, and integrate security testing tools within CI/CD pipelines, customizing rules and thresholds to align with organizational needs.
• Report & Remediate Vulnerabilities – Generate detailed security reports, prioritize risks, track remediation progress, and verify that vulnerabilities are properly addressed.
• Lead Security Training – Develop and deliver role-based security training for application developers, ensuring best practices in secure coding and development.
• Enhance Security Engineering – Implement and manage an Application Security Posture Management (ASPM) product, collaborating with stakeholders to optimize security processes.

WHAT YOU’LL BRING:

• Experience & Technical Expertise – At least 3+ years in application security, software development, or DevSecOps, with proficiency in Java, JavaScript, Python, and TypeScript.
• Security Testing & Automation – Hands-on experience with SAST/DAST tools (e.g., SonarQube, Burp Suite, GitHub GHAS) and automation using PowerShell or Python.
• CI/CD & Compliance Knowledge – Familiarity with Jenkins, GitHub workflows, and security frameworks, ensuring secure integration in development pipelines.
• Analytical & Problem-Solving Skills – Ability to assess risks, analyze vulnerabilities, and provide actionable security solutions. This includes interpreting regulations and implementing compliant strategies.
• Strong Communication & Training Skills – Capable of leading security training for developers and effectively communicating technical findings to various stakeholders.
• You promote a culture of diversity and inclusion, value different ideas and opinions, and listen courageously, remaining curious in all that you do.
• Able to work remotely with access to a high-speed internet connection and located in the United States or Puerto Rico.

PREFERRED:

• Preferred certifications or willing to pursue:
  
  • CASP+, CSSLP, CASE, CISSP, CEH, GCIH, GCIA, Security+

We value diverse experience, skills, and passion for innovation. If your experience aligns with the listed requirements, please apply! 

If you have questions about your application or the hiring process, email our Talent Acquisition area at careers@mutualofomaha.com. Please allow at least one week from time of applying if you are checking on the status.

Fair Chance Notices

#Circa