Staff Application Security Engineer
Job Description
Publicis Groupe Holdings B.V is seeking a Staff Application Security Engineer to provide strategic leadership for application security platforms and to weave security into the software development lifecycle. This onsite Chicago-based role collaborates with Product, Engineering, and embedded Security Champions to scale secure-by-design practices using AI-enabled engineering while upholding enterprise security standards.
Responsibilities
- Oversee Epsilon's application security platforms, directing configuration, adoption, and effective use by Product and Engineering teams, with Veracode, SonarQube, and Wiz experience a plus.
- Guide and review the analysis of security findings, partnering with Security Champions and engineering teams to interpret results, prioritize risk, and recommend remediation strategies.
- Collaborate with Product, Engineering, and embedded Security Champions to ensure security expectations are understood, consistently applied, and aligned with Epsilon’s security policies and standards.
- Integrate AI into Application Security to enable Secure-by-Design Engineering, driving the adoption of AI-enabled development practices that embed security throughout the software development lifecycle; guide teams in using AI tools to generate, review, and remediate code securely, ensuring outputs are governed and validated and aligned with enterprise standards; expand security beyond traditional tooling by leveraging AI as a scalable mechanism to improve security.
- Serve as a trusted advisor to engineering teams by providing clear guidance, risk context, and actionable recommendations, translating complex security risks into practical, business-relevant decisions rather than conducting security testing directly.
- Communicate with confidence and clarity across technical and non-technical audiences, effectively influencing outcomes by articulating security risks, tradeoffs, and recommendations to drive understanding and action.
- Produce and deliver monthly KPI-based reporting that highlights trends, risk posture, adoption metrics, and actionable insights for technical stakeholders and executive leadership.
- Educate, coach, and enable development teams and embedded Security Champions on secure coding expectations, application security platforms, and Epsilon security policies.
- Drive the onboarding of new teams and applications into application security platforms, ensuring consistent implementation, accountability, and long-term adoption.
- Build and maintain strong, trust-based relationships across Product, Engineering, and Security to influence outcomes, reinforce shared ownership, and continuously mature application security practices.
Requirements
- Strong ability to influence decisions and collaborate across teams.
- Analytical mindset with solid problem-solving capabilities.
- Demonstrated organizational discipline.
- Bachelor’s or Master’s degree in computer science or related field, plus at least five years of hands-on experience in application security or cybersecurity.
- Experience with application security testing (SAST, DAST, MAST, RAST, IAST); direct experience in application vulnerability management; strong threat modeling knowledge.
- Proficiency with Microsoft Office tools for documentation, reporting, and executive communication.
- Experience applying AI-assisted tools to accelerate development, improve code quality, and embed security into the engineering lifecycle; ability to guide AI outputs, validate results, and govern usage to scale secure development.
- Proficiency in Bash scripting and experience with Ansible and Terraform for cloud security automation.
- Background as a software developer and familiarity with cybersecurity concepts to deliver practical, developer-friendly security guidance to engineering teams.
Technologies
- Veracode
- SonarQube
- Wiz
- Bash
- Ansible
- Terraform
- Microsoft Office