CybersecurityJobs.io
← Back to all jobs

Job Description

Publicis Groupe Holdings B.V is seeking a Staff Application Security Engineer to provide strategic leadership for application security platforms and to weave security into the software development lifecycle. This onsite Chicago-based role collaborates with Product, Engineering, and embedded Security Champions to scale secure-by-design practices using AI-enabled engineering while upholding enterprise security standards.

Responsibilities

  • Oversee Epsilon's application security platforms, directing configuration, adoption, and effective use by Product and Engineering teams, with Veracode, SonarQube, and Wiz experience a plus.
  • Guide and review the analysis of security findings, partnering with Security Champions and engineering teams to interpret results, prioritize risk, and recommend remediation strategies.
  • Collaborate with Product, Engineering, and embedded Security Champions to ensure security expectations are understood, consistently applied, and aligned with Epsilon’s security policies and standards.
  • Integrate AI into Application Security to enable Secure-by-Design Engineering, driving the adoption of AI-enabled development practices that embed security throughout the software development lifecycle; guide teams in using AI tools to generate, review, and remediate code securely, ensuring outputs are governed and validated and aligned with enterprise standards; expand security beyond traditional tooling by leveraging AI as a scalable mechanism to improve security.
  • Serve as a trusted advisor to engineering teams by providing clear guidance, risk context, and actionable recommendations, translating complex security risks into practical, business-relevant decisions rather than conducting security testing directly.
  • Communicate with confidence and clarity across technical and non-technical audiences, effectively influencing outcomes by articulating security risks, tradeoffs, and recommendations to drive understanding and action.
  • Produce and deliver monthly KPI-based reporting that highlights trends, risk posture, adoption metrics, and actionable insights for technical stakeholders and executive leadership.
  • Educate, coach, and enable development teams and embedded Security Champions on secure coding expectations, application security platforms, and Epsilon security policies.
  • Drive the onboarding of new teams and applications into application security platforms, ensuring consistent implementation, accountability, and long-term adoption.
  • Build and maintain strong, trust-based relationships across Product, Engineering, and Security to influence outcomes, reinforce shared ownership, and continuously mature application security practices.

Requirements

  • Strong ability to influence decisions and collaborate across teams.
  • Analytical mindset with solid problem-solving capabilities.
  • Demonstrated organizational discipline.
  • Bachelor’s or Master’s degree in computer science or related field, plus at least five years of hands-on experience in application security or cybersecurity.
  • Experience with application security testing (SAST, DAST, MAST, RAST, IAST); direct experience in application vulnerability management; strong threat modeling knowledge.
  • Proficiency with Microsoft Office tools for documentation, reporting, and executive communication.
  • Experience applying AI-assisted tools to accelerate development, improve code quality, and embed security into the engineering lifecycle; ability to guide AI outputs, validate results, and govern usage to scale secure development.
  • Proficiency in Bash scripting and experience with Ansible and Terraform for cloud security automation.
  • Background as a software developer and familiarity with cybersecurity concepts to deliver practical, developer-friendly security guidance to engineering teams.

Technologies

  • Veracode
  • SonarQube
  • Wiz
  • Bash
  • Ansible
  • Terraform
  • Microsoft Office

Similar Jobs