Title: Application Security Engineer Location: Remote Full Time Experienced Job Description: Bright Vision Technologies is a forward-thinking software development company dedicated to building innovative solutions that help businesses automate and optimize their operations. We leverage cutting-edge technologies to create scalable, secure, and user-friendly applications. As we continue to grow, we’re looking for a skilled Application Security Engineer to join our dynamic team and contribute to our mission of transforming business processes through technology. This is a fantastic opportunity to join an established and well-respected organization offering tremendous career growth potential. Job Title: Application Security Engineer Location: 100% Remote (Continental United States) Position Type: In-house Bright Vision Technologies SOW engagement (no third-party client or vendor) Experience: 5+ years Sponsorship: No new H1B sponsorship available. H1B transfers welcomed for qualified candidates. Employment Type: Full-time, direct W2 with Bright Vision Technologies (no C2C, no 1099, no third-party) Engagement: Long-term, multi-year, aligned to the Bright Vision SOW delivery roadmap Compensation: Competitive base salary commensurate with experience, plus benefits. Employment Terms & Visa Policy This is a 100% remote, full-time, direct W2 position with Bright Vision Technologies. This role is part of Bright Vision Technologies’ in-house Statement of Work (SOW) engagement. The client, end customer, and employer for this position is Bright Vision Technologies — there is no third-party client, vendor, or implementation partner involved. We do not engage in C2C, 1099, or third-party arrangements for this role. BUT STRICTLY NO C2C/1099/3RD PARTY COMPANIES. ALL OUR ROLES ARE W2 AND NO 3RD PARTY BROKERING PLEASE. Candidates must be willing to work directly as a full-time W2 employee of Bright Vision Technologies and contribute to our in-house SOW deliverables. No new H1B sponsorship is available for this role. However, candidates who are currently on a valid H1B visa and require a transfer are welcome to apply. We will support H1B transfers for qualified candidates. For every role, a technical coding assessment is mandatory. Please apply only if you are confident in your technical abilities and hands-on experience. Job Summary We are looking for an Application Security Engineer to embed security throughout the software development lifecycle, partnering with engineering teams to design secure systems, identify vulnerabilities, and reduce risk across our application portfolio. The role blends hands-on offensive and defensive skills with strong communication and collaboration, helping development teams build secure software efficiently rather than slowing them down. The ideal candidate brings deep technical security expertise, strong software engineering fundamentals, and a track record of shipping security improvements that meaningfully reduce risk in production. Key Responsibilities - Conduct threat modeling and security architecture reviews for new and existing applications and services. - Perform manual code reviews, secure design consultations, and pair with engineering teams on hardening critical components. - Operate and tune SAST, DAST, IAST, SCA, and secret-scanning tools across CI/CD pipelines. - Drive vulnerability management workflows including triage, prioritization, owner assignment, and SLA tracking. - Build paved-road libraries and frameworks that make secure patterns the default for engineering teams. - Lead red-team and purple-team exercises against internal applications and drive remediation of identified weaknesses. - Implement and operate runtime protections including WAF, RASP, bot protection, and abuse-detection mechanisms. - Design and enforce secure authentication, authorization, session management, and cryptographic patterns. - Partner with infrastructure and platform teams to harden container, Kubernetes, and cloud environments. - Develop and deliver application security training, lunch-and-learns, and onboarding content for engineering staff. - Respond to security incidents involving application vulnerabilities or active exploitation. - Track and apply emerging threats and CVEs that may affect the application portfolio. - Maintain comprehensive, current technical documentation — including architecture diagrams, design decisions, configuration references, runbooks, and operational procedures — so that the system remains supportable, auditable, and easy to onboard new engineers onto over time. - Stay current with application security research and emerging defensive tooling. Required Qualifications - Bachelor’s degree in Computer Science, Cybersecurity, or a related field. - Five or more years of application security or security engineering experience. - Strong understanding of OWASP Top 10, common vulnerability classes, and modern exploit patterns. - Hands-on experience performing code review across at least two major languages. - Deep familiarity with SAST, DAST, SCA, and CI/CD-integrated security tooling. - Strong understanding of authentication, authorization, and cryptographic primitives. - Experience with cloud security and modern infrastructure controls. - Strong communication skills with technical and non-technical audiences. - Proficiency in at least one programming language for tooling and automation. - Experience working closely with engineering teams in an Agile environment. Preferred Qualifications - Industry certifications such as OSCP, OSCE, GWAPT, or CISSP. - Experience with offensive security tooling and red-team operations. - Bug bounty experience, public CVEs, or open-source security contributions. - Familiarity with AI/LLM application security considerations. - Exposure to regulated industries with strict compliance requirements. How to Apply Would you like to know more about this opportunity? For immediate consideration, please send your resume or contact us. Learn more about Bright Vision Technologies at www.bvteck.com. We recognize that our people are our strength, and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Bright Vision Technologies is an Equal Opportunity Employer, including Disability/Veterans. Position offered by “No Fee Agency.” Equal Employment Opportunity (EEO) Statement Bright Vision Technologies (BV Teck) is committed to equal employment opportunity (EEO) for all employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, veteran status, or any other protected status as defined by applicable federal, state, or local laws. This commitment extends to all aspects of employment, including recruitment, hiring, training, compensation, promotion, transfer, leaves of absence, termination, layoffs, and recall. BV Teck expressly prohibits any form of workplace harassment or discrimination. Any improper interference with employees' ability to perform their job duties may result in disciplinary action up to and including termination of employment.

Role Description The Project Application Engineer (PAE) – Drives serves as the technical owner for motor control and variable frequency drive (VFD) solutions, supporting opportunities from pre‑sales through early project execution. This role ensures Drive system architectures are safe, compliant, properly sized, and executable, acting as the technical bridge between Sales, Project Management, and Engineering. The PAE protects the customer, project execution, and Drives portfolio by ensuring only buildable, technically defensible solutions progress into execution. Key Accountabilities: - Drives Technical Ownership - Own end‑to‑end Drives system architecture, including: - LV and MV VFDs - Transformers, line reactors, and filters - Bypass schemes and control architectures - Validate application suitability based on process conditions, environment, and duty cycle - Own technical assumptions, risks, exclusions, and deviations related to Drives scope - Ensure compliance with: - Customer specifications - IEC / IEEE standards (harmonics, EMC, insulation, etc.) - Schneider Electric Drives application and portfolio rules Primary Responsibilities: - Pre‑Sales Technical Support - Review customer technical specifications and process requirements - Validate: - Drive and motor compatibility - Constant/variable torque duty cycles - Environmental conditions (ambient temperature, altitude, enclosure type) - Assess application‑specific risks, including: - Harmonics - Motor compatibility - Bypass, redundancy, and cooling requirements - Support Sales during technical discussions with customers - Outcome: Only technically sound and executable Drives solutions are offered. - Solution Design & Architecture Ownership - Define overall Drives solution architecture, including: - Drive topology - Input/output filtering - Control philosophy and communication approach - Ensure alignment with standard and approved Schneider Electric Drives offerings - Review and approve concept‑level documentation: - Functional descriptions - Single‑line and concept diagrams - Control and interlock philosophies - Outcome: Engineering receives clear technical intent with minimal ambiguity. - Handover to Project Execution - Lead or support the technical handover for Drives scope - Document and communicate: - Application constraints - Technical assumptions and exclusions - Known risks (harmonics, motor stress, cooling, bypass design) - Support early execution phases to prevent rework and late‑stage changes - Outcome: Project Managers and Engineering teams begin execution with clarity and confidence. - Cross‑Functional Collaboration & Governance - Collaborate closely with: - Sales: Enable feasible, win‑ready technical solutions - Project Managers: Provide clear scope definition and risk visibility - Engineering & Factories: Promote standard, repeatable Designs - Challenge non‑standard or high‑risk Drive applications - Capture and share lessons learned within the Drives community Out of Scope / Not Accountable For - Detailed electrical schematics or CAD drafting - Day‑to‑day project management - Commercial negotiations, pricing, or margin ownership - Factory expediting or order management Success Metrics - Reduction in Drives‑related execution changes - Fewer technical escalations during commissioning - Positive feedback from Project Management and Engineering - Adherence to Drives standards and best practices First 90 Days Expectations - 0–30 Days: Learn product ranges, standards, and common Drive applications - 31–60 Days: Support opportunities with increasing technical ownership - 61–90 Days: Independently own Drives solutions end‑to‑end for assigned scope Qualifications - LV and/or MV VFD systems and motor control applications - Industrial applications and process understanding - IEC / IEEE standards related to drives and power quality - Strong technical communication and stakeholder management skills Professional Mindset “If the motor, drive, and process don’t work together, the solution isn’t finished.” Company Description Looking to make an IMPACT with your career? At Schneider Electric, our values and behaviors are the foundation for creating a great culture to support business success. We believe that our IMPACT values – Inclusion, Mastery, Purpose, Action, Curiosity, Teamwork – starts with us. - €40 billion global revenue - +9% organic growth - 150,000+ employees in 100+ countries

Title: Application Security Engineer Location: Remote Job Description: Bright Vision Technologies is a forward-thinking software development company dedicated to building innovative solutions that help businesses automate and optimize their operations. We leverage cutting-edge technologies to create scalable, secure, and user-friendly applications. As we continue to grow, we’re looking for a skilled Application Security Engineer to join our dynamic team and contribute to our mission of transforming business processes through technology. This is a fantastic opportunity to join an established and well-respected organization offering tremendous career growth potential. Application Security Engineer Job Title: Application Security Engineer Location: 100% Remote (Continental United States) Position Type: In-house Bright Vision Technologies SOW engagement (no third-party client or vendor) Experience: 5+ years Sponsorship: No new H1B sponsorship available. H1B transfers welcomed for qualified candidates. Employment Type: Full-time, direct W2 with Bright Vision Technologies (no C2C, no 1099, no third-party) Engagement: Long-term, multi-year, aligned to the Bright Vision SOW delivery roadmap Compensation: Competitive base salary commensurate with experience, plus benefits. Employment Terms & Visa Policy This is a 100% remote, full-time, direct W2 position with Bright Vision Technologies. This role is part of Bright Vision Technologies’ in-house Statement of Work (SOW) engagement. The client, end customer, and employer for this position is Bright Vision Technologies — there is no third-party client, vendor, or implementation partner involved. We do not engage in C2C, 1099, or third-party arrangements for this role. BUT STRICTLY NO C2C/1099/3RD PARTY COMPANIES. ALL OUR ROLES ARE W2 AND NO 3RD PARTY BROKERING PLEASE. Candidates must be willing to work directly as a full-time W2 employee of Bright Vision Technologies and contribute to our in-house SOW deliverables. No new H1B sponsorship is available for this role. However, candidates who are currently on a valid H1B visa and require a transfer are welcome to apply. We will support H1B transfers for qualified candidates. For every role, a technical coding assessment is mandatory. Please apply only if you are confident in your technical abilities and hands-on experience. Job Summary We are looking for an Application Security Engineer to embed security throughout the software development lifecycle, partnering with engineering teams to design secure systems, identify vulnerabilities, and reduce risk across our application portfolio. The role blends hands-on offensive and defensive skills with strong communication and collaboration, helping development teams build secure software efficiently rather than slowing them down. The ideal candidate brings deep technical security expertise, strong software engineering fundamentals, and a track record of shipping security improvements that meaningfully reduce risk in production. Key Responsibilities - Conduct threat modeling and security architecture reviews for new and existing applications and services. - Perform manual code reviews, secure design consultations, and pair with engineering teams on hardening critical components. - Operate and tune SAST, DAST, IAST, SCA, and secret-scanning tools across CI/CD pipelines. - Drive vulnerability management workflows including triage, prioritization, owner assignment, and SLA tracking. - Build paved-road libraries and frameworks that make secure patterns the default for engineering teams. - Lead red-team and purple-team exercises against internal applications and drive remediation of identified weaknesses. - Implement and operate runtime protections including WAF, RASP, bot protection, and abuse-detection mechanisms. - Design and enforce secure authentication, authorization, session management, and cryptographic patterns. - Partner with infrastructure and platform teams to harden container, Kubernetes, and cloud environments. - Develop and deliver application security training, lunch-and-learns, and onboarding content for engineering staff. - Respond to security incidents involving application vulnerabilities or active exploitation. - Track and apply emerging threats and CVEs that may affect the application portfolio. - Maintain comprehensive, current technical documentation — including architecture diagrams, design decisions, configuration references, runbooks, and operational procedures — so that the system remains supportable, auditable, and easy to onboard new engineers onto over time. - Stay current with application security research and emerging defensive tooling. Required Qualifications - Bachelor’s degree in Computer Science, Cybersecurity, or a related field. - Five or more years of application security or security engineering experience. - Strong understanding of OWASP Top 10, common vulnerability classes, and modern exploit patterns. - Hands-on experience performing code review across at least two major languages. - Deep familiarity with SAST, DAST, SCA, and CI/CD-integrated security tooling. - Strong understanding of authentication, authorization, and cryptographic primitives. - Experience with cloud security and modern infrastructure controls. - Strong communication skills with technical and non-technical audiences. - Proficiency in at least one programming language for tooling and automation. - Experience working closely with engineering teams in an Agile environment. Preferred Qualifications - Industry certifications such as OSCP, OSCE, GWAPT, or CISSP. - Experience with offensive security tooling and red-team operations. - Bug bounty experience, public CVEs, or open-source security contributions. - Familiarity with AI/LLM application security considerations. - Exposure to regulated industries with strict compliance requirements. How to Apply Would you like to know more about this opportunity? For immediate consideration, please send your resume to [email protected] or contact us at (908) 505-3544. Learn more about Bright Vision Technologies at www.bvteck.com. We recognize that our people are our strength, and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Bright Vision Technologies is an Equal Opportunity Employer, including Disability/Veterans. Position offered by “No Fee Agency.” Equal Employment Opportunity (EEO) Statement Bright Vision Technologies (BV Teck) is committed to equal employment opportunity (EEO) for all employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, veteran status, or any other protected status as defined by applicable federal, state, or local laws. This commitment extends to all aspects of employment, including recruitment, hiring, training, compensation, promotion, transfer, leaves of absence, termination, layoffs, and recall. BV Teck expressly prohibits any form of workplace harassment or discrimination. Any improper interference with employees' ability to perform their job duties may result in disciplinary action up to and including termination of employment.

• Identify vulnerabilities, work with development teams to remediate risks. • Implement security best practices and tools to ensure compliance with relevant standards. • Perform manual and automated security assessments of web, mobile, and cloud applications. • Collaborate with development and engineering teams to embed security into SDLC (DevSecOps). • Conduct secure code reviews, threat modeling exercises, and risk assessments. • Implement and manage application security tools (SAST, DAST, SCA, IAST). • Design and enforce security policies, standards, and procedures for application development. • Monitor, triage, and respond to application-layer vulnerabilities and incidents. • Work closely with QA and engineering teams to drive security testing and fix validation. • Lead the Incident Response effort for application-related security events. • Stay current on the latest security threats, vulnerabilities, and industry's best practices. • Conduct developer training and promote a security-first culture within engineering. • Cross-train team members on Application Security principles. • Participate in broader corporate security efforts, including infrastructure security and vulnerability management.