Application Security Engineer

Application Security Engineer

Carrollton, TX (on-site)

The Application Security Engineer is responsible for championing the integration of security at every stage of the software development lifecycle (SDLC), partnering with IT and development teams to implement threat modeling, security reviews, and automated assessments that strengthen and evolve the organization's application security posture.

Benefits and Perks*

• Uncapped Flexible Paid Time Off.
• Paid on-the-job training and a comprehensive new hire program.
• Access to a robust learning management system, full of e-learning modules to help boost your professional and personal development.
• Performance-based career advancement.
• Educational Reimbursement Program.
• Multiple coverage choices for medical insurance, all include telemedicine and medical spending account options (HSA/FSA/Dependent Care FSA).
• Traditional 401(k) and Roth 401(k) Retirement plan with a generous Company match program.
• Company-Sponsored Life and AD&D Insurance.
• Basic and Enhanced Voluntary benefits so you may choose the right coverage at the right price for you and your family. Plans include dental, vision, short-term and long-term disability plans, supplemental life and AD&D insurance, accident, critical illness, hospital indemnity, ID theft protection, legal services program, and pet insurance.
• Free access to mental health resources, life coaching, and more for you and your family members through our Employee Assistance Program.
• Free access to exclusive discounts from nationwide and local retailers through our Discount Marketplace.
• A relaxed, business casual dress code that includes jeans and sneakers! 

*Based on current benefit offering, which is subject to change with or without notice. Certain benefits are subject to the terms and conditions of the governing plan documents which should be consulted for additional details and eligibility requirements.

• Oversee and support the execution of the Application Security program, providing security governance and guidance across engineering teams.
• Drive the implementation and usage of application security tooling (e.g., SAST, DAST, SCA, fuzz testing) while maintaining flexibility across technologies.
• Collaborate with stakeholders to define security metrics and reporting mechanisms that inform leadership and guide remediation priorities.
• Mentor developers and serve as the voice of application security—translating risks into actionable strategies for both technical and non-technical stakeholders.
• Ensure that vulnerabilities are remediated before code moves to production and provide guidance on the remediation process for application/API security vulnerabilities.
• Tracking and managing vulnerabilities while working closely with developers to empower them with secure coding practices.
• Coordinate with Application Development and Security teams to foster collaboration and ensure that security is embedded throughout the development lifecycle.
• Utilize automation to Incorporate security measures into every stage of the DevOps pipeline to protect applications and APIs.
• Evaluate third-party services for potential weaknesses in their security posture.

• 5+ Years’ experience in Application Security with demonstrated success securing web, mobile, or cloud apps in production, with hands-on SAST/DAST/SCA experience.
• Proven ability to assess existing security designs and strategically mature them over time, moving beyond basic implementations to robust, resilient systems
• Deep knowledge of application layer attacks and defense mechanisms (CCS, CSRF, SQLi, XXE, SSRF, broken access control etc.).
• Deep knowledge of common web, API and cloud vulnerabilities (e.g. OWASP Top 10, CWE, auth flaws etc.).
• Deep knowledge of vulnerabilities, reachability, exploitability and how they affect applications.
• Deep knowledge of code scanning methods including Static Application Security Testing (SAST), Software Composition Analysis (SCA), Infrastructure as Code (IaC) Security, API Security, and Dynamic Application Security Testing (DAST).
• Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications.
• Strong experience with custom scripting (python, C++, PowerShell, bash, etc.) and process automation.
• Strong knowledge of common enterprise infrastructure technology stacks and network configurations.
• Knowledge of shift-left strategies and embedding controls early in the development lifecycle.
• Knowledge of automated code scanning tools and development pipeline tools.
• Ability to positively influence the behavior of peers and build relationships with other teams. without direct authority over those teams.
• Ability to balance security requirements with business needs and development velocity, finding practical solutions that enhance security without hindering progress.

We are honored to be recognized as a Military Friendly Employer and Military Friendly Spouse Employer for four consecutive years and have received designation as a Top Employer for Hispanic and Latinos by HLPA in 2023, 2024, and 2025. Additionally, we have been named one of America’s Greatest Workplace in Financial Services 2025 by Newsweek. 

The Community Choice Financial® Family of Brands ("CCF" or the “Company”), is one of the largest consumer specialty finance organizations in the U.S. We provide our customers, Team Members, and communities the Power of Choice with over 10 brands represented in more than 1,500 brick-and-mortar stores serving 24 states and online product offerings in 20 states. Community Choice Financial® Family of Brands is steadfast in our commitment to help people across the country get access to the short-term financial services they need when they need it the most.

Think you’d thrive here?  Learn more at https://www.ccffamilyofbrands.com/explore-careers

The information contained herein is not intended to be an all-inclusive list of the duties and responsibilities of the job, nor is it intended to be an all-inclusive list of the skills and abilities required to do the job. The Company may, at its discretion, revise the job description at any time, and additional functions and requirements may be assigned by supervisors as deemed appropriate.  Requirements, skills, and abilities included have been determined to illustrate the minimal standards required to successfully perform the position.

Important: The Community Choice Financial® Family of Brands will never ask you for banking or other payment information at any point during the interview or hiring process, nor will we conduct an interview via text message. Any official email correspondence will come from the domains @ccfi.com. In-store positions are in person only.

The Community Choice Financial® Family of Brands is committed to providing an inclusive workplace free of discrimination based on race, color, religion, sex, age, national origin, military status, disability, pregnancy, sexual orientation, gender identity or expression, genetic information or any other characteristic protected by applicable law. Candidates of all backgrounds are encouraged to apply. CCFI Companies, LLC is an equal-opportunity employer.