Exceed the expectations of our residential mortgage borrowers & business partners through superior service, simple processes, and effective communications.
We deliver on this mission by empowering our employees by encouraging and recognizing superior performance and innovative solutions, by promoting teamwork and divisional cooperation.
The Sr Application Security Specialist plays a critical role in strengthening the security posture of Newrez’s applications and digital platforms. This role focuses on analyzing vulnerabilities, enabling secure development practices, and supporting secure SDLC operations across the enterprise.
Essential Functions, Duties, and Responsibilities
- Perform in‑depth analysis of application and API logs to detect anomalies, abuse of business logic, and emerging threat patterns; utilizing the SIEM, tune detections and reduce false positives.
- Monitor, configure, and continuously tune WAF policies; validate effectiveness against real attack traffic.
- Plan and execute SAST/DAST at scale (plus SCA/IAST where applicable); own scan quality, gating, and results triage; drive vulnerabilities through remediation with clear, actionable guidance.
- Conduct comprehensive API security testing (manual and automated); perform targeted penetration tests on high‑risk services.
- Triage, prioritize, and escalate security alerts with crisp handoffs to IR; lead root‑cause analysis for application‑layer incidents and contribute to playbooks and lessons learned.
- Embed with product/engineering and DevOps to integrate security into the SDLC: threat modeling, security requirements, secure coding patterns, and CI/CD security gates.
- Build or extend security automation (Python, PowerShell, GitHub Actions/Azure DevOps) for repeatable testing, ticket enrichment, evidence collection, and metrics.
- Maintain high‑quality documentation: findings, remediation plans, exceptions, architecture decisions, runbooks, and compliance evidence.
- Contribute to secure coding standards, patterns, and reference implementations; champion developer enablement.
- Run red/purple‑team activities and adversary simulations; translate results into durable detections and control hardening.
- Strengthen cloud‑native application security: AWS/Azure secrets management, image and IaC scanning, container/Kubernetes runtime controls, supply‑chain safeguards.
- Track and report KPIs/KRIs (mean time to triage, time‑to‑fix by severity, scan coverage, false‑positive rate) and use them to guide continuous improvement.
- Ability to effectively and accurately convey information to others.
- Performs related duties as assigned by management.
Qualifications and Education Requirements
- Bachelor's degree in Cybersecurity, Information Technology, or a related field is preferred.
- 5+ years in AppSec.
- Strong understanding of OWASP/CWE/API risks.
- Experience with SAST/DAST/SCA.
- Hands-on experience running and interpreting results from SAST, DAST, SCA, IAST, container scans, and dependency scanning tools.
- CI/CD familiarity.
- Ability to perform vulnerability triage to validate findings.
- Ability to review code (read-only) in at least one major programming stack: Java, .NET, JavaScript/Node, Python, or Go.
- Demonstrated ability to translate vulnerabilities and technical risk into clear, actionable remediation guidance for engineering teams.
Skills, Abilities, and Knowledge
- Experience conducting or supporting internal penetration tests, red team engagements, or adversarial simulations.
- Understanding of cloud-native application security (AWS/Azure IAM, secret management, runtime controls, container escape risks).
- Ability to create or contribute to security automation (Python, PowerShell, or GitHub Actions workflows).
- Certifications such as GWAPT, GWEB, OSWE, or GIAC Cloud Security are a plus.
- Strong verbal communication skills; strong writing and composition abilities.
- Strong interpersonal skills with the ability to develop and maintain effective and professional relationships across the organization and with customers.
- High learning agility with the ability to learn and integrate business variables and to learn new systems and platforms.
- Strong analytical skills & problem-solving abilities; solid decision-making abilities coupled with sound judgment.
- Effective at managing multiple priorities under tight deadlines in a fast-paced, dynamic environment.
- Strong project management and time management capability.
- Self-directed and comfortable working with ambiguity and uncertainty.
- High degree of professional maturity, integrity, ability to maintain confidential data and information.
Work Environment and Physical Requirements
- Working on-site at assigned office location.
- Regular and punctual attendance adhering to schedule established by leadership.
- Flexibility to work occasional adjusted work schedules, overtime, and evening and/or weekend hours to meet deadlines or as business needs demand.
- Working in a cubicle hub, maintaining focus on phone calls in a noisy environment within earshot of multiple other conversations.
- Sedentary work in a stationary position at a cubicle for prolonged periods of time.
- Constant repetitive motions required for operating a computer, such as typing and managing phone calls.
- Constantly communicating effectively verbally in English, including accurately exchanging information with others following identification of correct procedures.
Additional Information:
While this description is intended to be an accurate reflection of the position’s requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.
All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Okta Verify and Microsoft Authenticator. Employment will be contingent on this requirement.
Company Benefits:
Newrez is a great place to work, but we are only as strong as our greatest asset, our employees, so we believe in rewarding them!
- Medical, dental, and vision insurance
- Health Savings Account with employer contribution
- 401(k) Retirement plan with employer match
- Paid Maternity Leave/Parental Bonding Leave
- Pet insurance
- Adoption Assistance
- Tuition reimbursement
- Employee Loan Program
- The Newrez Employee Emergency and Disaster Fund, a new program to support our team members
Newrez NOW:
Our Corporate Social Responsibility program, Newrez NOW, empowers employees to become leaders in their communities through a robust program that includes volunteering, philanthropy, nonprofit grants, and more.
- 1 Volunteer Time Off (VTO) day: a company-paid volunteer day on which all eligible employees may participate in a volunteer event with a nonprofit of their choice
- Employee Matching Gifts Program: We will match monetary employee donations to eligible non-profit organizations, dollar-for-dollar, up to $1,000 per employee
- Newrez Grants Program: Newrez hosts a giving portal where we provide employees an abundance of resources to search for an opportunity to donate their time or monetary contributions
Equal Employment Opportunity
We're proud to be an equal opportunity employer, and we celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.