Cybersecurity Engineer – Application Security Enablement
$160,000–$170,000 year
Remote · United States or Durham, North Carolina, United States
Job Summary
Cybersecurity Engineer – Application Security Enablement role focused on strengthening Labcorp’s application security posture by enabling secure design and development practices across engineering teams. Responsibilities include defining secure design standards for web/API/microservices, translating risks into actionable guidance for developers, promoting secure-by-design principles, supporting IAM integration (OAuth 2.0, OIDC, SAML), collaborating with cross-functional teams, guiding risk prioritization and remediation, and advancing scalable, reusable security patterns for AI-enabled development tools. Role emphasizes staying current with threats, cloud-native/API-first architectures, and establishing practical security guidance for engineers and architects.
Required Qualifications
- Minimum Qualifications: High school diploma with 12 or more years of experience in application security, secure software development, or cybersecurity engineering; or Associate degree with 10 or more years of experience; or Bachelor’s degree in Computer Science, Information Security, or Engineering with 8 or more years of experience; or Master’s degree in Computer Science, Information Security, or Engineering with 6 or more years of experience.
- 8 or more years of experience in application security, secure software development, or cybersecurity engineering, with a focus on identifying and addressing application-layer risks.
- 5 or more years of experience applying secure coding principles and addressing application security risks using OWASP Top 10 or similar best practices, with the ability to translate risks into actionable developer guidance.
- 3 or more years of experience working with enterprise security frameworks such as NIST CSF, CIS Controls, or ISO 27001, with demonstrated ability to align application security practices to these or other applicable frameworks.
- 3 or more years of experience in application or software development, OR equivalent experience working closely with development teams, with demonstrated ability to engage developers credibly on secure coding practices, design, and remediation strategies.
- 5 or more years of experience designing or securing web applications, APIs, and microservices architectures, including providing guidance on secure design decisions.
- 5 or more years of experience identifying, analyzing, and guiding remediation of common vulnerabilities such as injection, XSS, CSRF, broken authentication, and insecure deserialization.
- 3 or more years of experience applying secure design patterns in real-world systems, with the ability to guide teams on secure-by-design and secure-by-default principles.
- 2 or more years of experience securing cloud-native applications and APIs in AWS or Azure, including advising on secure architecture and integration patterns.
- 2 or more years of experience working with authentication and authorization protocols such as OAuth 2.0, OIDC, and SAML, including advising on appropriate implementation within application architectures.
- 3 or more years of experience operating in a consultative, cross-functional role, providing actionable security guidance to engineering and architecture teams and influencing secure design decisions.
- Preferred Qualifications: 3+ years of experience defining or contributing to secure development standards, guidelines, or reference architectures; 3+ years of experience integrating security into the SDLC (DevSecOps); 3+ years with API security frameworks/tools; 2+ years threat modeling; 2+ years with SAST/DAST/ SCA; 1+ year enabling secure AI-enabled applications.
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.