We'll meet you in the "am I making the most on my savings?" moment. Bank, borrow, invest—we have it all. Member FDIC.
Application & Cloud Security Specialist
Location
Ohio
Posted
1 day ago
Salary
$69K - $105K / year
Seniority
Senior
Job Description
Application & Cloud Security Specialist
KeyBank
• Perform manual application security testing and penetration testing of web applications, APIs, and services. • Review and validate findings from SAST, SCA, and DAST tools, including triage and false positive reduction. • Conduct API security and dynamic testing to identify vulnerabilities and misconfigurations. • Assess open-source dependencies and third-party libraries for vulnerabilities and supply chain risk. • Evaluate cloud environments (GCP, Azure, AWS) for misconfigurations, excessive permissions, and exposure risks in support of the CSPM program. • Implement and maintain CI/CD security integrations, including scanning tools and automation workflows. • Develop scripts and CLI-based tooling to support scalable security testing and validation activities. • Partner with development teams to remediate vulnerabilities and improve secure coding practices. • Participate in architecture and design reviews, providing actionable security recommendations. • Utilize AI tools and coding assistants to enhance productivity, automate analysis, and improve testing efficiency while maintaining secure and responsible usage practices. • Track and report vulnerabilities, remediation progress, and security metrics.
Job Requirements
- Bachelor of Computer Science, Cybersecurity, or related field—or equivalent experience.
- 4+ years of experience in application security, penetration testing, or secure software development.
- Hands-on experience with: Manual application security testing (web/API), SAST, SCA, DAST tools
- Common vulnerabilities (OWASP Top 10, API risks)
- Experience with at least one cloud platform (Google Cloud, Microsoft Azure, or AWS).
- Strong programming/scripting experience (Python, Java, JavaScript, Bash, PowerShell, or similar).
- Proficiency working in command-line environments (Linux/Unix).
- Familiarity with CI/CD pipelines and DevSecOps practices.
- Experience or comfort using AI-enabled tools and coding assistants (e.g., for code analysis, automation, or testing support).
Benefits
- Compensation for this role also includes eligibility for incentive compensation which may include production, commission, and/or discretionary incentives.
- Health insurance
- 401(k) matching
- Flexible work hours
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Design and implement robust application security solutions including use of AI and threat modeling. • Ensure that application security measures are integrated into all aspects of the organization's application infrastructure. • Deliver Data flow documentation for applications. • Advises IT and Security leaders in evolving TD SYNNEX’s application security strategies, technologies and processes. • Work closely with cross-functional teams, application developers, and business units, to ensure the security of applications, AI applications and API architectures. • Perform risk assessments of internal applications and API services, drive remediation and improvements. • Develop application security policies, standards and procedures.
Cybersecurity Specialist
GuidehouseSolving big problems, building trust in society, and empowering our clients to shape the future.
• Support secure operations, compliance, risk management, and continuous monitoring for a mission-critical federal grants platform. • Emphasize federal security requirements, ATO support, POA&M management, incident response, security documentation, and vulnerability coordination. • Contribute to secure operations through security documentation, continuous monitoring, vulnerability tracking, POA&M coordination, incident response support, ATO activities, and security oversight. • Support implementation, monitoring, and documentation of federal cybersecurity, privacy, and compliance requirements for Grants.gov applications and platform services. • Manage and support POA&M activities by tracking findings, coordinating remediation owners, documenting milestones, validating closure evidence, and communicating risk status to program and security leadership. • Coordinate vulnerability management activities, including scan review, issue triage, remediation planning, exception tracking, patch coordination, and verification of resolved findings. • Coordinate with development, operations, cloud, database, network, and application platform teams to ensure security considerations are incorporated into releases, configuration changes, deployments, maintenance activities, and enhancements. • Maintain and update security-related artifacts, including system security documentation, control implementation details, risk registers, incident reports, remediation plans, operating procedures, and compliance evidence. • Support transition-in and transition-out activities by helping validate security documentation, accounts, certificates, licenses, support systems, inventories, controls, and operational security responsibilities. • Prepare and communicate security status, risks, issues, remediation progress, incident impacts, control gaps, and compliance recommendations in formats appropriate for executive, federal, technical, and non-technical audiences.
Associate Security Engineer, Identity Security
KBR, Inc.We deliver science, technology and engineering solutions to governments and companies around the world.
• Support the administration and operation of Microsoft Entra ID, Active Directory, hybrid identity, and directory synchronization services. • Perform identity administration activities for users, groups, devices, applications, service accounts, and access permissions. • Troubleshoot authentication, authorization, provisioning, account lifecycle, and access-related issues. • Review logs, alerts, and system data to identify and resolve identity-related incidents and operational problems. • Support Conditional Access, multifactor authentication (MFA), passwordless authentication, and other modern access control solutions. • Assist with privileged access management activities, including role assignments, access reviews, and least-privilege enforcement. • Support identity governance processes, including access reviews, entitlement management, and joiner, mover, and leaver activities. • Assist with enterprise application integrations and identity federation technologies, including SAML, OAuth, OpenID Connect, and SCIM. • Support application identities, service principals, managed identities, workload identities, and service accounts. • Assist with Active Directory administration, Group Policy management, directory health monitoring, and hybrid identity operations. • Support PKI and certificate lifecycle management activities, including certificate issuance, renewal, inventory, and trust relationships. • Identify and help remediate identity-related risks, including excessive access, stale accounts, weak authentication, and unmanaged credentials. • Support security monitoring, threat detection, and incident investigations using Microsoft security platforms and related tools. • Gather technical evidence, perform root cause analysis, and assist with remediation activities during security and operational incidents. • Participate in cloud deployments, application onboarding, tenant migrations, and other identity-related projects and initiatives. • Support audit, compliance, and governance activities through evidence collection, documentation, and control validation. • Create and maintain technical documentation, procedures, knowledge articles, and operational runbooks. • Assist with reporting, automation, and continuous improvement efforts using PowerShell, Microsoft Graph, KQL, and related technologies. • Follow established security, change management, incident management, and operational procedures. • Collaborate with engineers, administrators, and stakeholders to improve identity security controls and operational effectiveness. • Communicate technical issues, findings, and project updates clearly while continuing to develop identity security knowledge and expertise.
RMF Cybersecurity ISSO/SME 3
KBR, Inc.We deliver science, technology and engineering solutions to governments and companies around the world.
• Manage one or more information systems throughout the full six-step RMF lifecycle, including assessment, authorization, and continuous monitoring activities • Serve as an RMF Subject Matter Expert (SME), advising stakeholders on cybersecurity compliance, risk posture, and ATO readiness • Develop, review, and maintain RMF packages and associated documentation, including Security Plans, POA&Ms, Risk Assessment Reports, and security control policies • Assess system compliance against NIST SP 800-53 controls and DHA RMF requirements as part of self-assessment and annual reviews • Document and maintain evidence supporting control implementation and compliance • Lead and participate in A&A and stakeholder meetings to track system status, resolve issues, and drive RMF progress • Coordinate with engineers and system owners to develop architecture diagrams, system asset inventories, and security policies • Prepare and deliver status reports to DHA leadership on system authorization and compliance efforts



