Specialist Application Security Engineer

Caesars Entertainment
Full-time
Remote
United States
Application & API Security
Description

Position Overview 

Caesars is seeking a dynamic and experienced Specialist Application Security Engineer to help lead our efforts in building and maintaining a robust and scalable application security program. This role will be pivotal in driving a "shift left" security culture, focusing on integrating security seamlessly into our software development lifecycle (SDLC). The ideal candidate will possess deep expertise in automated code scanning and remediation, SAST, DAST, SCA, CI/CD pipeline integration, and a proven track record of building and leading high-performing security engineering teams. 

As a Specialist Application Security Engineer, you will be responsible for helping to define and execute our application security strategy, ensuring the security of our applications from development to production. You will collaborate closely with development, DevOps, infrastructure, and other cybersecurity teams to embed security best practices and automate security processes, minimizing vulnerabilities and reducing risk.   

What You Will Do 

Strategic Leadership 

  • Support the development and implementation of a comprehensive application security strategy aligned with business objectives, focusing on automation and proactive security measures. 
  • Champion the "shift left" security philosophy, embedding security considerations early in the SDLC. 

Security Automation and Integration 

  • Drive the implementation and optimization of automated security testing tools and processes, including SAST, DAST, SCA, and IAST. 
  • Integrate security testing seamlessly into CI/CD pipelines, enabling continuous security monitoring and remediation. 

Technical Leadership 

  • Evaluate, select, implement, and optimize new application security technology solutions. 
  • Evaluate and manage relationships with security tool vendors, ensuring optimal performance and cost-effectiveness. 
  • Collaborate with cross-functional teams to continuously improve application security processes, tools, and workflows. 

Continuous Improvement and Automation 

  • Identify opportunities to enhance the identification, assessment, and remediation of software issues and vulnerabilities. 
  • Develop and implement scripts and workflows to streamline operations and reduce manual effort. 
  • Stay current with emerging security threats, software development practices and platforms, software vulnerabilities, and industry best practices. 

Communication and Collaboration 

  • Closely partner with development teams to drive secure coding practices and application security principles. 
  • Effectively communicate complex technical issues to both technical teams and non-technical stakeholders. 
  • Prepare and deliver reports, dashboards, and presentations to leadership and other departments. 
  • Build strong relationships with IT, DevOps, and business units to ensure alignment on security objectives. 

What You Will Need 

Technical Skills and Experience 

  • 8+ years of experience in Cybersecurity or Information Technology.
  • 5+ years of direct experience focusing on application security and related technologies such as SAST, DAST, and IAST. 
  • Deep understanding of application security principles, OWASP Top 10, and common vulnerabilities. 
  • Proven experience in software development, with a strong understanding of secure coding practices and software architecture.
  • In-depth knowledge of application security principles, including threat modeling, vulnerability assessment, and secure code review. 
  • Hands-on experience with security tools such as static and dynamic analysis tools, penetration testing frameworks, and security monitoring solutions. 
  • Strong experience integrating security testing into CI/CD pipelines using tools like Jenkins, GitLab CI, or Azure DevOps. 
  • Proficiency in scripting languages (e.g., Python, Bash) and infrastructure-as-code tools (e.g., Terraform, CloudFormation). 
  • Knowledge of cloud security principles and best practices (AWS, Azure, GCP). 
  • Relevant certifications such as AWS Certified Security Specialty, CISSP, GCIH, or GCED are preferred. 

Soft Skills 

  • Proven ability to mentor, lead, and develop application security engineers. 
  • Excellent verbal and written communication skills; ability to present technical concepts clearly. 
  • Strong teamwork skills and the ability to work with diverse teams across the organization. 
  • Analytical mindset with the ability to troubleshoot complex security issues. 
  • Ability to thrive in a fast-paced and evolving cybersecurity environment.