Application Security Engineer
Content + Source + Freshness • 11 Dec 2025 • 95% confidence
Offer value
High value attributed to the unique intersection of application security and the entertainment industry, with competitive compensation.
- Competitive salary range: $110,000 - $135,000/year.
- Unique opportunity within the entertainment and technology sectors.
- Involvement in enhancing security across significant platforms.
Pros
- Involvement in securing applications that support major entertainment services.
- Strong compensation package indicating company valuation and sector stability.
- Engagement with modern technologies and security frameworks.
Cons
- Not suitable for inexperienced candidates despite potential training.
- Demands integration of security in fast-paced development cycles.
- Pressure to deliver security solutions in high-stakes environments.
Who it's for
Mid-Senior Level • Hybrid
Good fit
- Application security experts with a passion for technology in entertainment
- Professionals experienced in DevSecOps and automation
- Strong communicators who enjoy working in creative fields
Not recommended for
- New security professionals lacking domain knowledge
- Individuals seeking solely remote roles.
- Those uncomfortable in fast-paced environments.
Motivation fit
Key skills
About the job
About Us
At Cast & Crew, we’ve empowered creativity and supported the global entertainment industry for decades. Together with our family of brands - Backstage, CAPS, Checks & Balances, Final Draft, Media Services, Sargent-Disc, and The TEAM Companies – we operate as a combined entertainment technology and services provider offering industry standard screenwriting accounting software, digital payroll products, data & reporting, and a host of creative tools. The industry continues to move faster than ever, and the need for our expertise, our technology, and our people has never been greater. We are a production’s best ally every step of the way. #OneCastOneCrew
We are seeking a highly skilled and motivated Information Security Engineer specializing in Application Security, DevSecOps, and Automation to join our team. In this role, you will be responsible for designing and implementing security strategies across the software development lifecycle, automating security operations, and driving the integration of security into DevOps practices.ou will play a key role in safeguarding our applications and infrastructure by:
Embedding security into the SDLC to ensure applications are secure by design.
Building and automating DevSecOps pipelines to streamline secure software delivery.
Developing and deploying security tools and workflows to enhance efficiency and scalability.
Conducting proactive risk assessments and vulnerability management to mitigate potential threats.
You bring expertise in building and securing modern software development environments, with a strong foundation in secure coding practices, threat modeling, and vulnerability management. Your hands-on experience in automating security testing within CI/CD pipelines makes you a vital partner to our development, IT, and operations teams. By leveraging cutting-edge tools and frameworks, you will seamlessly integrate security into the software development lifecycle while driving efficiency through automation. This role provides an exciting opportunity to work with innovative technologies, collaborate with talented professionals, and protect the applications that power the payroll services behind your favorite movies and TV shows. If you are passionate about tackling complex security challenges and implementing proactive solutions, we want you on our team!
Core Responsibilities
1. Application Security
- Conduct application security assessments, including code reviews, threat modeling, and penetration testing.
- Develop, maintain, and implement secure coding guidelines and best practices for development teams.
- Identify and remediate vulnerabilities in applications using tools like SAST, DAST, and RASP.
- Collaborate with development teams to ensure security is integrated into the design and architecture of new applications.
- Respond to and manage application-level security incidents.
2. DevSecOps Integration
- Design and implement DevSecOps pipelines to automate security testing (e.g., SCA, SAST, DAST) in CI/CD workflows.
- Advocate for “security as code” by integrating security controls into infrastructure-as-code and deployment scripts.
- Work with DevOps teams to ensure secure configurations of containerized and cloud-based environments.
- Continuously evaluate and improve DevSecOps tools and processes to reduce friction and optimize developer productivity.
3. Automation
- Develop and implement scripts, APIs, and automation workflows to improve security operations and reduce manual effort.
- Automate vulnerability management, patching, and reporting processes.
- Monitor and enhance security tools through custom scripting or integrations with other platforms.
- Build automated security metrics dashboards to track risk and compliance.
4. Collaboration and Training
- Partner with cross-functional teams to foster a culture of security awareness and shared responsibility.
- Provide training and mentoring to developers and engineers on secure coding practices and security tools.
- Act as a security advisor during development sprints and product planning.
5. Research and Continuous Improvement
- Stay up-to-date with the latest security vulnerabilities, trends, and technologies.
- Evaluate new tools, technologies, and methodologies to enhance application security and automation.
- Participate in incident response efforts as needed, providing expertise in application-level threats.
Key Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
- 3+ years of experience in cybersecurity, with a focus on application security, DevSecOps, or automation.
- Strong understanding of secure software development lifecycle (SDLC) practices.
- Proficiency with security testing tools (e.g., Burp Suite, OWASP ZAP, SonarQube, Veracode, Checkmarx).
- Experience with CI/CD tools (e.g., Jenkins, GitLab CI/CD, GitHub Actions) and integrating security testing into pipelines.
- Familiarity with programming/scripting languages (e.g., Python, Java, Bash, or PowerShell).
- Strong knowledge of cloud security principles (e.g., AWS, Azure, GCP) and container security (e.g., Docker, Kubernetes).
- Experience with Infrastructure-as-Code tools (e.g., Terraform, Ansible).
- Knowledge of OWASP Top 10, CWE, and other security frameworks.
- Excellent problem-solving and communication skills.
Preferred Qualifications
- Relevant certifications (e.g., OSCP, CISSP, CEH, CSSLP, or AWS Security Specialty).
- Experience with security orchestration, automation, and response (SOAR) tools.
- Familiarity with compliance frameworks (e.g., ISO 27001, SOC 2, PCI DSS).
- Hands-on experience with vulnerability management tools and processes.
Benefits
Cast & Crew provides a comprehensive package of employee benefits including: Medical, Dental, Vision, PTO, health and wellness programs, employee discounts, and more! Note: Cast & Crew benefits are subject to eligibility requirements.
Cast & Crew is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. It is our policy to provide equal employment opportunities to all individuals based on job-related qualifications and ability to perform a job, without regard to age, gender, gender identity, sexual orientation, race, color, religion, creed, national origin, disability, genetic information, veteran status, citizenship or marital status, and to maintain a non-discriminatory environment free from intimidation, harassment or bias based upon these grounds.
CA residents
Your personal information may be collected in connection with certain services provided by Cast & Crew or its affiliated companies. A summary of your California privacy rights can be found at: https://www.castandcrew.com/privacy-policy/
