Lead Cybersecurity - Application Security DevSecOps Engineer

Job Description:

This position requires office presence of a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered.

Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future-you’ll create it.

The Dynamic Application Security Testing (DAST) Subject Matter Expert (SME) will work in the field of application security focused on dynamic testing techniques that analyze running applications to identify security vulnerabilities. This involves testing the application from external environments while applications are in operation, simulating real‑world attacks and uncovering runtime issues such as input validation errors, authentication weaknesses, and security misconfigurations.

• Lead the implementation, configuration, and optimization of DAST tools across development pipelines.
• Define and maintain best practices and standards for dynamic application security testing.
• Perform in-depth vulnerability assessments and security testing on web applications, APIs, and mobile apps.
• Collaborate closely with development, Dev Ops, and security teams to integrate DAST into CI/CD workflows.
• Analyze DAST scan results, validate findings, and prioritize remediation efforts based on risk.
• Stay current on emerging threats, vulnerabilities, and exploits relevant to application security.
• Provide expert guidance and training to teams on interpreting DAST reports and remediation strategies.
• Support compliance efforts by ensuring security testing meets regulatory and industry standards.

• Typically, 4‑8 years of experience in application security, with significant hands‑on experience using DAST tools and methodologies.
• Proven expertise in testing complex web applications, APIs, and mobile applications for security vulnerabilities.
• Experience integrating DAST tools (e.g., Burp Suite, IBM App Scan, HCL App Scan, Netsparker, Acunetix) into CI/CD pipelines and Dev Sec Ops  environments.
• Strong understanding of application security standards (e.g., OWASP Top Ten, SANS CWE Top 25).
• Knowledge of complementary security testing approaches such as Static Application Security Testing (SAST) and Interactive Application Security Testing (IAST).
• Effective communication skills and experience collaborating with development teams to remediate vulnerabilities.
• Familiarity with programming languages and frameworks commonly used in web and mobile applications, including Java, Python, Bash/Shell Scripting, PHP, Java script, etc.

• Bachelor’s degree in Computer Science, Information Security, Software Engineering, or a related discipline is preferred.
• Advanced degrees (Master’s or certifications) can enhance expertise and credibility.

• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• GIAC Web Application Penetration Tester (GWAPT)
• Certified Application Security Engineer (CASE)
• Certifications specifically related to security testing tools (e.g., Burp Suite Certified Practitioner)

• Deep technical knowledge of dynamic security testing tools and techniques.
• Strong analytical skills to interpret scan results and distinguish false positives.
• Solid understanding of web protocols, authentication mechanisms, and session management.
• Ability to lead security testing initiatives and mentor junior security engineers.
• Continuous learner mindset to stay ahead of evolving security threats and testing technologies.

Supervisor: No

Our Lead Cybersecurity earns between $128,400 and $192,600 USD annually. In addition, the role offers all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.