Application Security Engineer

Job Description

JOB SUMMARY

The Application Security (AppSec) Engineer will be responsible for strengthening the Massachusetts State Lottery Commission's (MSLC) application security posture with a focus on secure software development and AWS cloud security. The AppSec Engineer will lead efforts to integrate security into the software development lifecycle (SDLC), collaborate with developers, and implement secure architecture principles in AWS-hosted environments. The incumbent will have a deep knowledge of secure application design, secure coding practices, and cloud-native security technologies.

ESSENTIAL FUNCTIONS

• Integrate security practices into the SDLC including secure code reviews, threat modeling, and secure design.
• Conduct vulnerability assessments, static/dynamic code analysis, and remediation guidance for web and cloud applications.
• Build and manage security controls across AWS cloud infrastructure, including IAM, security groups, encryption, and logging.
• Define and enforce AppSec policies, standards, and secure development best practices.
• Collaborate with development teams to ensure security is embedded early in the application lifecycle.
• Work with DevSecOps tools to automate security testing in CI/CD pipelines.
• Partner with IT and cloud vendors to assess and enhance security configurations in cloud-hosted applications.
• Stay updated on emerging AppSec and AWS security trends, threats, and technologies.
• Respond to application-level security incidents and perform root cause analysis.
• Perform other tasks as assigned.

• Associate's or Bachelor's degree in Computer Science, Information Security, or related field.
• 3-5 years of experience in application security engineering with hands-on work securing AWS-based applications.
• AWS Certified Security - Specialty or equivalent certification preferred.
• Experience with AppSec testing tools (e.g., SAST, DAST, SCA) and cloud-native security solutions.
• Solid understanding of OWASP Top 10, cloud misconfiguration risks, and secure coding principles.
• Strong scripting or programming skills (e.g., Python, JavaScript, Java, or similar).
• Excellent written and verbal communication skills to effectively collaborate with technical and non-technical teams.
• Strong interpersonal skills and team collaboration mindset .