Application Security Senior Engineer

ESSENTIAL FUNCTIONS:
Partner with Enterprise Architecture to provide secure designs and patterns for development teams.
Conduct threat modeling, code reviews, and security assessments of applications and services.
Collaborate with DevOps teams to integrate security into CI/CD pipelines and establish DevOps security standards.
Design and implement security controls and automation to detect and prevent vulnerabilities.
Develop and maintain secure coding standards and training for engineering teams.
Evaluate and implement application security tools (e.g., SAST, DAST, SCA).
Assess security findings identified by various scanning tools and guide product engineering teams on the identified risks and the mitigation strategies.
Work proactively to gain full value from security capabilities and features across the Encova enterprise, ultimately positioning information security as an enabler for the organization.

OTHER FUNCTIONS:
Take part in incident response efforts related to application security issues.
Stay current with emerging threats, vulnerabilities, and security technologies.
Adhere to Encova IT principles, High Availability, Least Privilege, etc.
Maintain awareness of current security trends and compliance regulations.
Share knowledge with other members of the InfoSec team.
Perform other duties as assigned.
Maintain documentation for security controls.

KNOWLEDGE, SKILLS AND EXPERIENCE:
Strong working knowledge of Application Security technologies, processes and services, as well as policy enforcement and regulatory compliance.
Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
Minimum 5+ years of experience in application security or software engineering with a security focus.
Strong understanding of web application architecture, APIs, and cloud-native technologies.
Strong understanding of CI/CD tooling, containers, dependency management tooling (SCA) and scanning tools such as SonarQube and Wiz.
Proficiency in at least one programming language (e.g., Java, Python, JavaScript).
Experience with security tools such as Burp Suite, OWASP ZAP, Veracode, or similar.
Familiarity with OWASP Top 10, CWE/SANS Top 25, and secure development practices.
Relevant certifications (e.g., OSWE, CSSLP, GWAPT) are a plus.

Location:
US