View Our Website View All Jobs

Lead Application Security Engineer

Lead Information Security Engineer – Application Security

Mosaic451 is seeking a Lead Information Security Engineer to be part of a security/application team in Atlanta, GA.  The Security Engineer will play a pivotal role in a team that manages and maintains the security operations and application security for this customer. The Security Engineer will work closely with other IT departments and as such, the ideal candidate must be a quick start, must be resourceful to accomplish tasks, and able to operate in a large complex IT environment.


  • Lead all architecture reviews, attack and penetration testing, secure code reviews, and business process cyber security and privacy reviews
  • Perform architecture analysis and risk assessments on the security of applications and services, discovering and addressing security issues, and quickly react to new threat scenarios
  • Lead, champion, and validate secure SDLC processes including static code analysis, Integrated application security testing, dynamic analysis, code reviews and reconcile vulnerabilities within application security testing tools
  • Facilitate security remediation of applications with security flaws and code defects with Product Managers, Application Leads, and Development teams
  • Develop and implement best practices, reference implementations, automation, and testing for application security in web, mobile, and API (REST and SOAP)
  • Coordinate or perform network and application security attack and penetration testing to ensure that Aaron’s services, applications, and websites are designed and implemented in accordance with leading practices
  • Champion continuous improvement on secure coding practices, application security requirements, automation, training, and metrics
  • Develop streamlined security metrics that enables IT leaders and senior management to take action on application security related risks
  • Maintain the enterprise vulnerability management solution framework and processes
  • Work with Information Technology to mature the patch management lifecycle based on vulnerability management SLAs
  • Deploy and maintain web application, source code and penetration assessment tools.
  • Deploy and maintain runtime application self-protection (RASP) tool.
  • Research, evaluate, implement and manage security tools
  • Regularly re-evaluate processes and procedures to drive continuous improvement and innovation


Qualifications & Skills:

  • 5-7 years of experience in Information Security, application security or development preferred
  • 3-5 years of experience working in and performing risk/architecture assessments on applications, network, mobile and SaaS solutions preferred
  • Experience performing penetration testing and web application security assessments
  • Experience performing vendor risk assessments strongly desired
  • Experience in using penetration testing tools (Canvas, Nessus, Burp Suite, Metasploit) preferred, but not required
  • Experience in working with and deploying vulnerability management solutions (Qualys, Rapid 7) preferred but not required
  • Experience with static and dynamic analysis tools preferred.
  • Experience with IAST and RASP tools preferred.
  • Strong understanding of OWASP Top 10 and CWE 25; as well as experience in implementing and integrating remediation strategies
  • Strong understanding of agile development processes and integrating secure development practices into the model
  • Strong interpersonal skills with the ability to effectively collaborate with cross-organizational teams
  • Self-starter with the ability to work independently as well as the ability to negotiate and bring consensus to diverse priorities of product development and solution delivery teams
  • Excellent verbal and written communication skills including the ability to describe or explain complex processes and issues in a concise manner
  • Ability to understand complex information systems, prioritize tasks, and meet deadlines with minimal supervision
  • Hands on experience with one or more of the following programming languages: C#, C++, JavaScript preferred but not required


Education and Certification Requirements:

  • B.A. or B.S. in Computer Science or related field (preferred but not required)
  • One or more of the following certifications (preferred, but not required): CISSP, CISM, GPEN, GWAPT, CEH, OSCE, CSSLP, OSCP, and OSCE


Read More

Apply for this position

Apply with
Attach resume as .pdf, .doc, or .docx (limit 2MB) or Paste resume

Paste your resume here or Attach resume file

To comply with government Equal Employment Opportunity / Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated. Learn more.

Invitation for Job Applicants to Self-Identify as a U.S. Veteran
  • A “disabled veteran” is one of the following:
    • a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or
    • a person who was discharged or released from active duty because of a service-connected disability.
  • A “recently separated veteran” means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.
  • An “active duty wartime or campaign badge veteran” means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.
  • An “Armed forces service medal veteran” means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.
Veteran status

Voluntary Self-Identification of Disability
Voluntary Self-Identification of Disability Form CC-305
OMB Control Number 1250-0005
Expires 1/31/2020
Why are you being asked to complete this form?

Because we do business with the government, we must reach out to, hire, and provide equal opportunity to qualified people with disabilities.i To help us measure how well we are doing, we are asking you to tell us if you have a disability or if you ever had a disability. Completing this form is voluntary, but we hope that you will choose to fill it out. If you are applying for a job, any answer you give will be kept private and will not be used against you in any way.

If you already work for us, your answer will not be used against you in any way. Because a person may become disabled at any time, we are required to ask all of our employees to update their information every five years. You may voluntarily self-identify as having a disability on this form without fear of any punishment because you did not identify as having a disability earlier.

How do I know if I have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Blindness
  • Deafness
  • Cancer
  • Diabetes
  • Epilepsy
  • Autism
  • Cerebral palsy
  • Schizophrenia
  • Muscular dystrophy
  • Bipolar disorder
  • Major depression
  • Multiple sclerosis (MS)
  • Missing limbs or partially missing limbs
  • Post-traumatic stress disorder (PTSD)
  • Obsessive compulsive disorder
  • Impairments requiring the use of a wheelchair
  • Intellectual disability (previously called mental retardation)
Please check one of the boxes below:

You must enter your name and date
Your Name Today's Date
Reasonable Accommodation Notice

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

iSection 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.