{"schemaVersion":"jobsearcher.job.v1","id":"12d4969ed1fedb05e230d19f","url":"https://jobsearcher.com/jobs/12d4969ed1fedb05e230d19f","canonicalUrl":"https://jobsearcher.com/jobs/12d4969ed1fedb05e230d19f","title":"Application Security Engineer","description":":\nApplication Security Engineer – Hybrid | Cary, North Carolina\n\nWe’re a leader in data and AI. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers.\n\nIf you're looking for a dynamic, fulfilling career with flexibility and a world-class employee experience, you'll find it here. We're recognized around the world for our inclusive, meaningful culture and innovative technologies by organizations like Fast Company, Forbes, Newsweek and more.\n\nAbout the job\nAs an Application Security Engineer within the Information Security Office (ISO), you will be responsible for verifying that our internally-used applications are secure by design. You will collaborate with a diverse set of development and management teams across R&D, IT, and SAS Managed Cloud Services organizations to help drive the maturity of the application security program at SAS.\nCandidates should possess a diverse set of skills in application security and should have significant exposure to enterprise activities including software development, software testing, CI/CD, technical support, and program management. Your success will depend on your cooperative skills working with internal SAS customers and other teams across the enterprise to provide guidance about best practices in application security.\nAs an Application Security Engineer, you will:\nProvide Subject Matter Communication:\nCoordinate with the Secure Design team to ensure new environments/applications align with expected compliance levels.\nProvide guidance to development teams on security design, threat modeling, and resolution of security vulnerabilities\nAdvise on potential compensating and mitigating controls to reduce risk\nTriage security findings received through a public bug bounty program, communicating with both the developers and independent security researchers\nPerform Security Assessments & Assist in Remediation:\nPerform application security assessments and web application security assessments on both internal and external web applications and web services\nInterpret and triage results from web application assessments\nAssess Azure and AWS cloud offerings to ensure usage aligns with security best practices\nAssess applications for potential migration from on-prem to cloud\nBuild Security Standards & Integrations for Engineers:\nHelp research and define security benchmarks, guidelines, and processes\n\nRequired Qualifications\nUS Citizen.\n5+ years of experience in Information Technology\nBachelor's degree in computer science or related quantitative field\nExperience with web-based architectures and applications\nFamiliarity with industry standards for application security\nFamiliarity with common application security testing techniques (DAST, SCA, SAST, IAST) and vulnerability management tooling\nEquivalent combination of related education, training and experience may be considered in place of the above qualifications.\nYou’re curious, passionate, authentic and accountable. These are our values and influence everything we do.\n\nAdditional competencies, knowledge and skills\nContinuous Improvement: Originating action to improve existing conditions and processes; identifying improvement opportunities, generating ideas, and implementing solutions.\nDecision Making: Identifying and understanding problems and opportunities by gathering, analyzing, and interpreting quantitative and qualitative information; choosing the best course of action by establishing clear decision criteria, generating and evaluating alternatives, and making timely decisions; taking action that is consistent with available facts and constraints and optimizes probable consequences.\nInfluencing: Using effective involvement and persuasion strategies to gain acceptance of ideas and commitment to actions that support specific work outcomes.\nFamiliarity with DevSecOps\nFamiliarity with API Security best practices\nExperience with container and Kubernetes security\nExperience with Azure or other commercial clouds\nFamiliarity with various programming languages to assist with peer review (Java, Python, Golang)\nRelevant security certifications such as CISSP, CSSLP, GPEN, GWAPT, OSCP\nFamiliarity with industry standard authentication and authorization (OAuth, Okta, Microsoft Entra)\nWorld-class benefits\nHighlights include...\nComprehensive medical, prescription, dental and vision plans.\nMedical plan options include:\nPPO with low annual deductible and copays.\nHDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).\nOnsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!\nAn industry-leading 401k plan.\nTuition Assistance Program and programs and resources to support your development\nGenerous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.\nVolunteer Time Off, parental leave and unlimited paid sick days.\nGenerous childcare benefits for all full-time employees.\n\nYou are welcome here.\nAt SAS, it’s not about fitting into our culture – it’s about adding to it. We believe our people make the difference. Our inclusive workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers.\n\nAdditional Information:\nTo qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to any characteristic protected by law. Read more: Know Your Rights.\n\nResumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.\n\nSAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact Recruitingsupport@sas.com.\n\nLet's stay in touch! Join our Talent Community to stay up to date on company news, job updates and more.","company":"Sas","rawCompany":"sas","city":"Cary","state":"NC","isRemote":false,"isActive":false,"createdAt":"2026-04-12T18:29:04.940Z","occupations":[{"code":"15-1212.00","title":"Information Security Analysts","slug":"information-security-analysts"},{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"},{"code":"15-1299.08","title":"Computer Systems Engineers/Architects","slug":"computer-systems-engineers-architects"}],"industries":[{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"},{"code":"541690","title":"Other Scientific and Technical Consulting Services","slug":"other-scientific-and-technical-consulting-services"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"Application Security Engineer","description":":\nApplication Security Engineer – Hybrid | Cary, North Carolina\n\nWe’re a leader in data and AI. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers.\n\nIf you're looking for a dynamic, fulfilling career with flexibility and a world-class employee experience, you'll find it here. We're recognized around the world for our inclusive, meaningful culture and innovative technologies by organizations like Fast Company, Forbes, Newsweek and more.\n\nAbout the job\nAs an Application Security Engineer within the Information Security Office (ISO), you will be responsible for verifying that our internally-used applications are secure by design. You will collaborate with a diverse set of development and management teams across R&D, IT, and SAS Managed Cloud Services organizations to help drive the maturity of the application security program at SAS.\nCandidates should possess a diverse set of skills in application security and should have significant exposure to enterprise activities including software development, software testing, CI/CD, technical support, and program management. Your success will depend on your cooperative skills working with internal SAS customers and other teams across the enterprise to provide guidance about best practices in application security.\nAs an Application Security Engineer, you will:\nProvide Subject Matter Communication:\nCoordinate with the Secure Design team to ensure new environments/applications align with expected compliance levels.\nProvide guidance to development teams on security design, threat modeling, and resolution of security vulnerabilities\nAdvise on potential compensating and mitigating controls to reduce risk\nTriage security findings received through a public bug bounty program, communicating with both the developers and independent security researchers\nPerform Security Assessments & Assist in Remediation:\nPerform application security assessments and web application security assessments on both internal and external web applications and web services\nInterpret and triage results from web application assessments\nAssess Azure and AWS cloud offerings to ensure usage aligns with security best practices\nAssess applications for potential migration from on-prem to cloud\nBuild Security Standards & Integrations for Engineers:\nHelp research and define security benchmarks, guidelines, and processes\n\nRequired Qualifications\nUS Citizen.\n5+ years of experience in Information Technology\nBachelor's degree in computer science or related quantitative field\nExperience with web-based architectures and applications\nFamiliarity with industry standards for application security\nFamiliarity with common application security testing techniques (DAST, SCA, SAST, IAST) and vulnerability management tooling\nEquivalent combination of related education, training and experience may be considered in place of the above qualifications.\nYou’re curious, passionate, authentic and accountable. These are our values and influence everything we do.\n\nAdditional competencies, knowledge and skills\nContinuous Improvement: Originating action to improve existing conditions and processes; identifying improvement opportunities, generating ideas, and implementing solutions.\nDecision Making: Identifying and understanding problems and opportunities by gathering, analyzing, and interpreting quantitative and qualitative information; choosing the best course of action by establishing clear decision criteria, generating and evaluating alternatives, and making timely decisions; taking action that is consistent with available facts and constraints and optimizes probable consequences.\nInfluencing: Using effective involvement and persuasion strategies to gain acceptance of ideas and commitment to actions that support specific work outcomes.\nFamiliarity with DevSecOps\nFamiliarity with API Security best practices\nExperience with container and Kubernetes security\nExperience with Azure or other commercial clouds\nFamiliarity with various programming languages to assist with peer review (Java, Python, Golang)\nRelevant security certifications such as CISSP, CSSLP, GPEN, GWAPT, OSCP\nFamiliarity with industry standard authentication and authorization (OAuth, Okta, Microsoft Entra)\nWorld-class benefits\nHighlights include...\nComprehensive medical, prescription, dental and vision plans.\nMedical plan options include:\nPPO with low annual deductible and copays.\nHDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).\nOnsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!\nAn industry-leading 401k plan.\nTuition Assistance Program and programs and resources to support your development\nGenerous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.\nVolunteer Time Off, parental leave and unlimited paid sick days.\nGenerous childcare benefits for all full-time employees.\n\nYou are welcome here.\nAt SAS, it’s not about fitting into our culture – it’s about adding to it. We believe our people make the difference. Our inclusive workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers.\n\nAdditional Information:\nTo qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to any characteristic protected by law. Read more: Know Your Rights.\n\nResumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.\n\nSAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact Recruitingsupport@sas.com.\n\nLet's stay in touch! Join our Talent Community to stay up to date on company news, job updates and more.","datePosted":"2026-04-12T18:29:04.940Z","dateModified":"2026-04-12T18:29:04.940Z","hiringOrganization":{"@type":"Organization","name":"Sas","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Cary","addressRegion":"NC","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"12d4969ed1fedb05e230d19f"},"url":"https://jobsearcher.com/jobs/12d4969ed1fedb05e230d19f"}}