Senior AppSec Engineer Cloud, API

As a Senior Application Security Engineer at Applied Materials, you will play a crucial role in securing modern cloud-native applications with a focus on API security, Infrastructure as Code (IaC), containerized workloads, and Open-Source Software (OSS). Your responsibilities will include: - **Application & API Security**: - Establish and mature an API security program with tools, processes, and best practices - Define secure API design guidelines aligned with OWASP API Top 10 - Evaluate and integrate API security tools into the SDLC and CI/CD pipelines - Partner with engineering teams to embed secure-by-design API patterns - Guide implementation of API authentication and authorization controls like OAuth2, OIDC, JWT, mTLS - **Infrastructure as Code (IaC) Security**: - Review IaC templates for security misconfigurations - Define and maintain secure IaC guardrails and policies - Integrate IaC security scanning into CI/CD pipelines - Partner with cloud and platform teams to remediate infrastructure risks early - **Container & Kubernetes Security**: - Assess container images for vulnerabilities and misconfigurations - Review Kubernetes manifests and deployment configurations - Advise on runtime security controls and workload isolation - Support adoption of container security best practices - **Open-Source Software (OSS) Security**: - Manage open-source risk including vulnerabilities and licensing - Support and tune Software Composition Analysis (SCA) tools - Drive remediation of vulnerable dependencies and guide teams on secure OSS usage - Contribute to OSS security governance and policies - **Secure SDLC & Enablement**: - Embed security checks into CI/CD pipelines - Provide remediation guidance to developers - Create security documentation and coding guidelines - Deliver security awareness sessions for engineering teams In addition to the responsibilities, you should possess the following qualifications: - 47 years of experience in application security - Strong understanding of web application and API security - Hands-on experience with cloud-native environments like AWS, Azure, or GCP - Practical exposure to various security tools and practices Preferred skills that would be beneficial include experience with AppSec tooling, knowledge of Zero Trust and cloud security architectures, and familiarity with DevSecOps practices. As a successful Senior Application Security Engineer in this role, you will see improved security posture of various elements, faster vulnerability remediation, and clear security standards adopted across product teams. Applied Materials is an Equal Opportunity Employer, and qualified applicants will be considered without regard to various factors prohibited by law. As a Senior Application Security Engineer at Applied Materials, you will play a crucial role in securing modern cloud-native applications with a focus on API security, Infrastructure as Code (IaC), containerized workloads, and Open-Source Software (OSS). Your responsibilities will include: - **Application & API Security**: - Establish and mature an API security program with tools, processes, and best practices - Define secure API design guidelines aligned with OWASP API Top 10 - Evaluate and integrate API security tools into the SDLC and CI/CD pipelines - Partner with engineering teams to embed secure-by-design API patterns - Guide implementation of API authentication and authorization controls like OAuth2, OIDC, JWT, mTLS - **Infrastructure as Code (IaC) Security**: - Review IaC templates for security misconfigurations - Define and maintain secure IaC guardrails and policies - Integrate IaC security scanning into CI/CD pipelines - Partner with cloud and platform teams to remediate infrastructure risks early - **Container & Kubernetes Security**: - Assess container images for vulnerabilities and misconfigurations - Review Kubernetes manifests and deployment configurations - Advise on runtime security controls and workload isolation - Support adoption of container security best practices - **Open-Source Software (OSS) Security**: - Manage open-source risk including vulnerabilities and licensing - Support and tune Software Composition Analysis (SCA) tools - Drive remediation of vulnerable dependencies and guide teams on secure OSS usage - Contribute to OSS security governance and policies - **Secure SDLC & Enablement**: - Embed security checks into CI/CD pipelines - Provide remediation guidance to developers - Create security documentation and coding guidelines - Deliver security awareness sessions for engineering teams In addition to the responsibilities, you should possess the following qualifications: - 47 years of experience in application security - Strong understanding of web application and API security - Hands-on experience with cloud-native environments like AWS, Azure, or GCP - Practical exposure to various security tool