KeyBank logo
KeyBank

We'll meet you in the "am I making the most on my savings?" moment. Bank, borrow, invest—we have it all. Member FDIC.

Application & Cloud Security Specialist

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 10,001+Since 1994H1B SponsorCompany SiteLinkedIn

Location

Ohio

Posted

1 day ago

Salary

$69K - $105K / year

Seniority

Senior

Job Description

Application & Cloud Security Specialist

KeyBank

• Perform manual application security testing and penetration testing of web applications, APIs, and services. • Review and validate findings from SAST, SCA, and DAST tools, including triage and false positive reduction. • Conduct API security and dynamic testing to identify vulnerabilities and misconfigurations. • Assess open-source dependencies and third-party libraries for vulnerabilities and supply chain risk. • Evaluate cloud environments (GCP, Azure, AWS) for misconfigurations, excessive permissions, and exposure risks in support of the CSPM program. • Implement and maintain CI/CD security integrations, including scanning tools and automation workflows. • Develop scripts and CLI-based tooling to support scalable security testing and validation activities. • Partner with development teams to remediate vulnerabilities and improve secure coding practices. • Participate in architecture and design reviews, providing actionable security recommendations. • Utilize AI tools and coding assistants to enhance productivity, automate analysis, and improve testing efficiency while maintaining secure and responsible usage practices. • Track and report vulnerabilities, remediation progress, and security metrics.

Job Requirements

  • Bachelor of Computer Science, Cybersecurity, or related field—or equivalent experience.
  • 4+ years of experience in application security, penetration testing, or secure software development.
  • Hands-on experience with: Manual application security testing (web/API), SAST, SCA, DAST tools
  • Common vulnerabilities (OWASP Top 10, API risks)
  • Experience with at least one cloud platform (Google Cloud, Microsoft Azure, or AWS).
  • Strong programming/scripting experience (Python, Java, JavaScript, Bash, PowerShell, or similar).
  • Proficiency working in command-line environments (Linux/Unix).
  • Familiarity with CI/CD pipelines and DevSecOps practices.
  • Experience or comfort using AI-enabled tools and coding assistants (e.g., for code analysis, automation, or testing support).

Benefits

  • Compensation for this role also includes eligibility for incentive compensation which may include production, commission, and/or discretionary incentives.
  • Health insurance
  • 401(k) matching
  • Flexible work hours

Related Categories

Related Job Pages

More Security Engineer Jobs

Full TimeRemoteTeam 10,001+Since 1980H1B Sponsor

• Design and implement robust application security solutions including use of AI and threat modeling. • Ensure that application security measures are integrated into all aspects of the organization's application infrastructure. • Deliver Data flow documentation for applications. • Advises IT and Security leaders in evolving TD SYNNEX’s application security strategies, technologies and processes. • Work closely with cross-functional teams, application developers, and business units, to ensure the security of applications, AI applications and API architectures. • Perform risk assessments of internal applications and API services, drive remediation and improvements. • Develop application security policies, standards and procedures.

Brazil
Guidehouse logo

Cybersecurity Specialist

Guidehouse

Solving big problems, building trust in society, and empowering our clients to shape the future.

Full TimeRemoteTeam 10,001+Since 2018H1B Sponsor

• Support secure operations, compliance, risk management, and continuous monitoring for a mission-critical federal grants platform. • Emphasize federal security requirements, ATO support, POA&M management, incident response, security documentation, and vulnerability coordination. • Contribute to secure operations through security documentation, continuous monitoring, vulnerability tracking, POA&M coordination, incident response support, ATO activities, and security oversight. • Support implementation, monitoring, and documentation of federal cybersecurity, privacy, and compliance requirements for Grants.gov applications and platform services. • Manage and support POA&M activities by tracking findings, coordinating remediation owners, documenting milestones, validating closure evidence, and communicating risk status to program and security leadership. • Coordinate vulnerability management activities, including scan review, issue triage, remediation planning, exception tracking, patch coordination, and verification of resolved findings. • Coordinate with development, operations, cloud, database, network, and application platform teams to ensure security considerations are incorporated into releases, configuration changes, deployments, maintenance activities, and enhancements. • Maintain and update security-related artifacts, including system security documentation, control implementation details, risk registers, incident reports, remediation plans, operating procedures, and compliance evidence. • Support transition-in and transition-out activities by helping validate security documentation, accounts, certificates, licenses, support systems, inventories, controls, and operational security responsibilities. • Prepare and communicate security status, risks, issues, remediation progress, incident impacts, control gaps, and compliance recommendations in formats appropriate for executive, federal, technical, and non-technical audiences.

Maryland + 1 moreAll locations: Maryland | Virginia
$98K - $163K / year
KBR, Inc. logo

Associate Security Engineer, Identity Security

KBR, Inc.

We deliver science, technology and engineering solutions to governments and companies around the world.

Full TimeRemoteTeam 10,001+Since 1901H1B No Sponsor

• Support the administration and operation of Microsoft Entra ID, Active Directory, hybrid identity, and directory synchronization services. • Perform identity administration activities for users, groups, devices, applications, service accounts, and access permissions. • Troubleshoot authentication, authorization, provisioning, account lifecycle, and access-related issues. • Review logs, alerts, and system data to identify and resolve identity-related incidents and operational problems. • Support Conditional Access, multifactor authentication (MFA), passwordless authentication, and other modern access control solutions. • Assist with privileged access management activities, including role assignments, access reviews, and least-privilege enforcement. • Support identity governance processes, including access reviews, entitlement management, and joiner, mover, and leaver activities. • Assist with enterprise application integrations and identity federation technologies, including SAML, OAuth, OpenID Connect, and SCIM. • Support application identities, service principals, managed identities, workload identities, and service accounts. • Assist with Active Directory administration, Group Policy management, directory health monitoring, and hybrid identity operations. • Support PKI and certificate lifecycle management activities, including certificate issuance, renewal, inventory, and trust relationships. • Identify and help remediate identity-related risks, including excessive access, stale accounts, weak authentication, and unmanaged credentials. • Support security monitoring, threat detection, and incident investigations using Microsoft security platforms and related tools. • Gather technical evidence, perform root cause analysis, and assist with remediation activities during security and operational incidents. • Participate in cloud deployments, application onboarding, tenant migrations, and other identity-related projects and initiatives. • Support audit, compliance, and governance activities through evidence collection, documentation, and control validation. • Create and maintain technical documentation, procedures, knowledge articles, and operational runbooks. • Assist with reporting, automation, and continuous improvement efforts using PowerShell, Microsoft Graph, KQL, and related technologies. • Follow established security, change management, incident management, and operational procedures. • Collaborate with engineers, administrators, and stakeholders to improve identity security controls and operational effectiveness. • Communicate technical issues, findings, and project updates clearly while continuing to develop identity security knowledge and expertise.

Texas
KBR, Inc. logo

RMF Cybersecurity ISSO/SME 3

KBR, Inc.

We deliver science, technology and engineering solutions to governments and companies around the world.

Full TimeRemoteTeam 10,001+Since 1901H1B No Sponsor

• Manage one or more information systems throughout the full six-step RMF lifecycle, including assessment, authorization, and continuous monitoring activities • Serve as an RMF Subject Matter Expert (SME), advising stakeholders on cybersecurity compliance, risk posture, and ATO readiness • Develop, review, and maintain RMF packages and associated documentation, including Security Plans, POA&Ms, Risk Assessment Reports, and security control policies • Assess system compliance against NIST SP 800-53 controls and DHA RMF requirements as part of self-assessment and annual reviews • Document and maintain evidence supporting control implementation and compliance • Lead and participate in A&A and stakeholder meetings to track system status, resolve issues, and drive RMF progress • Coordinate with engineers and system owners to develop architecture diagrams, system asset inventories, and security policies • Prepare and deliver status reports to DHA leadership on system authorization and compliance efforts

South Carolina
$107.6K - $161.4K / year