Vaco is actively seeking a Senior Application Development Security Engineer to support our client's continued growth in St. Louis. This is a unique opportunity to join an internationally respected organization that is the leader in their field.
(Please Note: No form of employment accommodation or sponsorship is being considered)
Position Overview
The Senior Application Development Security Engineer will possess a developer's mindset along with a passion to shape and scale a growing AppSec program. You'll play a lead role in securing modern web and cloud applications by embedding yourself as a trusted advisor across a large agile development team. This is a high-impact position for someone who can proactively lead initiatives, evaluate potential tools and strategies, and deliver pragmatic security solutions in collaboration with stakeholders and development teams.
Responsibilities:
- Responsible for advising on application security across the SDLC using tools like SAST, SCA, and DAST (e.g., Checkmarx).
- Work closely with developers to triage, prioritize, and remediate vulnerabilities, especially in .NET, Angular, and Python applications.
- Lead tool evaluations, PoCs, and drive adoption of new security technologies and automation strategies.
- Conduct threat modeling, architecture reviews, and support secure design patterns.
- Author and evolve secure coding standards, AppSec playbooks, and automation scripts.
- Advise and partner with Engineering, Product, and Security leadership to influence AppSec roadmap and strategy.
- Mentor junior engineers and support a collaborative, embedded security model.
Experience:
- Excellent communicator with the ability to collaborate across technical, compliance, and business stakeholders.
- 5 years of combined experience within software development and application security.
- Experience with secure CI/CD integration.
- Background as a former software developer who understands real-world coding tradeoffs.
- Deep familiarity with tools like Checkmarx, Black Duck, or similar SAST/SCA platforms.
- Ability to lead and execute independently in a fast-paced, collaborative environment.
- Knowledge of AWS, mobile security, or red team/pen testing is a plus.
- Strong scripting/automation skills.
- Familiarity with OWASP (Open Worldwide Application Security Project) standards desired.
- Certifications: CISSP, CSSLP, GIAC, etc. are preferred.
Additional Details:
- Employment Type: Perm / Direct-Hire
- Start Date: Immediate
- Location: Onsite / Downtown St. Louis
- Target Compensation: $150k - $170k based on skills and experience
- Engagement Status: No form of sponsorship or employment arrangements are being considered at this time.
Interested Candidates are Encouraged to Apply for Immediate Consideration!
Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual's skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes that the salary range for the role is stated in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company's 401(k) retirement plan.