Cybersecurity Engineer - Application Security Enablement

Requirements

• 8 or more years of experience in application security, secure software development, or cybersecurity engineering, with a focus on identifying and addressing application-layer risks.
• 5 or more years of experience applying secure coding principles and addressing application security risks using OWASP Top 10 or similar best practices, with the ability to translate risks into actionable developer guidance.
• 3 or more years of experience working with enterprise security frameworks such as NIST CSF, CIS Controls, or ISO 27001, with demonstrated ability to align application security practices to these or other applicable frameworks.
• 3 or more years of experience in application or so

Additional Information

Labcorp is seeking a Cybersecurity Engineer - Application Security Enablement to join our team in a remote capacity. Location : Remote Applicants who live within 35 miles of either the Burlington, NC or Durham, NC location will follow a hybrid schedule. This schedule includes a minimum of three in-office days per week at an assigned location, either Burlington or Durham, supporting both collaboration and flexibility. Work Schedule: This is a full-time, exempt (salaried) position assigned to a First Shift schedule, with standard business hours of Monday through Friday, 8:00 a.m. to 5:00 p.m. in your local time zone. Business needs may occasionally require flexibility in work hours, including earlier, later, or additional hours, with reasonable notice provided when possible. Job Responsibilities Application Security Design Standards & Patterns Define and document secure development standards and patterns for modern application architectures (web, API, microservices), with guidance grounded in industry best practices such as OWASP and informed by broader frameworks (i.e. NIST, CIS Controls). Develop reusable patterns for common application scenarios such as secure APIs, service-to-service communication and front-end/back-end architecture. Translate complex security risks into clear, developer-focused guidance that can be easily adopted. Contribute to the creation of machine-consumable security patterns to support AI-enabled and automated development tools. Secure Design Enablement Collaborate with engineers and architects during design discussions to provide guidance on secure application architecture and design decisions. Identify common security pitfalls early in the lifecycle. Provide guidance on secure integration and data protection patterns. For example: - Input validation and output encoding - API security and authentication flows - Session management and token handling - Secrets management and secure configuration Promote secure-by-design and secure-by-default principles to enable efficient and secure development practices. Identity & Access Management (Supporting Role) Support the integration of authentication and authorization patterns within application architecture. Ensure secure implementation of protocols such as OAuth 2.0, OIDC, and SAML. Align application security practices with identity and access management, identity governance, and privileged access management solutions. Cross-Functional Collaboration Partner with Digital Identity Services, Cybersecurity Engineering, Product Security Testing, and other teams to provide application security guidance and support risk mitigation. Collaborate with the Governance, Risk, and Compliance team to align application security practices with enterprise policies and regulatory requirements. Work with Cybersecurity Operations to enhance detection and response capabilities for application-level threats. Engage with Enterprise Architecture teams to influence secure design decisions. Support data protection initiatives by ensuring appropriate controls for sensitive data handling and exposure mitigation are utilized. Risk Advisory Review vulnerability patterns and provide guidance on prioritization and remediation of application security risks. Serve as a trusted advisor to engineering and architecture teams, offering practical and actionable security recommendations. Support standardization of application security risk management practices across teams. Continuous Improvement and Innovation Stay current with emerging threats, vulnerabilities, and trends in application security. Evaluate and evolve security standards to support cloud native, API first, distributed, and AI enabled applications. Contribute to the development of scalable, consistent application security enablement practices across the organization.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Labcorp? Share your experience