Application Security Engineer

Senior Director – New Business & Strategic Partnerships Location: San Jose, CA Work Mode: Hybrid – Onsite in San Jose 3 days per week (mandatory) Hours: Full-time, 40 hours per week Role Overview Our client is looking for a Corticon Developer who can sit at the intersection of business rules, application security, and software supply chain visibility. Key Responsibilities Build and maintain solutions using Corticon. Lead and support SCA (Software Composition Analysis) build tooling. Implement and fine‑tune SBOM (Software Bill of Materials) tooling with Syft, Anchore, and CycloneDX. Partner closely with development, security, and compliance teams to ensure applications are functional, secure, compliant, and auditable. Design, develop, and maintain Corticon rules and decision services to support core business applications. Translate business requirements into clear, maintainable, and scalable rule models. Optimize existing Corticon assets for performance, reuse, and ease of change. Collaborate with business analysts and product owners to validate rules logic and coverage. SCA Build Tooling (Software Composition Analysis) Manage and support SCA build tooling programs used to scan open‑source and third‑party components. Integrate SCA tooling into build pipelines and CI/CD workflows in partnership with engineering and DevOps. Review and interpret SCA findings, helping teams understand vulnerability and licensing risks. Assist in defining and enforcing policies around dependency health and open‑source usage. SBOM Tooling & Supply Chain Security Implement and configure SBOM tools such as Syft, Anchore, and CycloneDX across applications and services. Automate SBOM generation and distribution as part of the build and deployment process. Ensure SBOM data is accurate, complete, and usable for audits, risk assessments, and compliance reporting. Work with security and compliance stakeholders to embed SBOM usage into governance and incident response practices. Collaboration, Governance & Documentation Act as a point‑of‑contact for SCA and SBOM tooling programs, aligning efforts across engineering, security, and compliance. Help shape standards, best practices, and guidelines for rules development, SCA, and SBOM usage. Create and maintain clear technical documentation, including design notes, playbooks, and runbooks. Provide knowledge sharing and guidance to development teams on using Corticon, SCA, and SBOM tools effectively. Required Qualifications Proven hands‑on experience as a Corticon Developer, working with rule models and decision services in real‑world projects. Hands‑on expertise with SCA build tooling as part of application development or DevSecOps workflows. Strong working knowledge of SBOM tooling and ecosystems, specifically Syft, Anchore, and CycloneDX. Experience operating in or alongside application security or software development environments, ideally with some program or initiative ownership. Solid understanding of the software development lifecycle (SDLC) and modern build / CI/CD practices. Strong analytical and problem‑solving skills, with the ability to troubleshoot issues involving rules, builds, and tooling integrations. Excellent communication skills, able to work with engineers, security teams, and non‑technical stakeholders. Ability and willingness to be onsite in San Jose, CA at least 3 days per week (mandatory requirement). Nice‑to‑Have Skills Experience with Corticon Studio and Corticon Server in an enterprise setting. Familiarity with containerized applications and scanning of container images. Exposure to application security concepts (e.g., OWASP, vulnerability management, secure coding principles). Hands‑on experience with CI/CD platforms such as Jenkins, GitHub Actions, GitLab CI, or Azure DevOps. Understanding of open‑source license compliance, software supply chain regulations, or SBOM‑related standards. #J-18808-Ljbffr