Application & Cloud Security Specialist at 0100 KeyBank National Association — Brooklyn, OH
Full job description
Location:
4910 Tiedeman Road, Brooklyn Ohio
Our Cyber Application & Cloud Defense team operates within Key’s broader Cyber Defense function in Corporate Information Security. Our mission is to enable secure software delivery and resilient cloud environments by proactively identifying, assessing, and reducing application and cloud security risks.
The Application & Cloud Security Specialist is responsible for performing application security assessments and cloud security reviews across modern development and cloud-native environments. This role combines hands-on manual penetration testing with the use of SAST, SCA, and DAST tools, as well as cloud security posture evaluation through CSPM capabilities.
You will work closely with development, DevOps, and cloud engineering teams to integrate security into CI/CD pipelines and improve secure coding practices. This role requires strong technical depth, development experience, and proficiency with command-line tools.
The ideal candidate is hands-on, execution-focused, and comfortable leveraging modern tooling—including AI-powered development and security assistants—to improve productivity, testing depth, and vulnerability detection.
Key Responsibilities
- Perform manual application security testing and penetration testing of web applications, APIs, and services.
- Review and validate findings from SAST, SCA, and DAST tools, including triage and false positive reduction.
- Conduct API security and dynamic testing to identify vulnerabilities and misconfigurations.
- Assess open-source dependencies and third-party libraries for vulnerabilities and supply chain risk.
- Evaluate cloud environments (GCP, Azure, AWS) for misconfigurations, excessive permissions, and exposure risks in support of the CSPM program.
- Implement and maintain CI/CD security integrations, including scanning tools and automation workflows.
- Develop scripts and CLI-based tooling to support scalable security testing and validation activities.
- Partner with development teams to remediate vulnerabilities and improve secure coding practices.
- Participate in architecture and design reviews, providing actionable security recommendations.
- Utilize AI tools and coding assistants to enhance productivity, automate analysis, and improve testing efficiency while maintaining secure and responsible usage practices.
- Track and report vulnerabilities, remediation progress, and security metrics.
Required Qualifications
- Bachelor of Computer Science, Cybersecurity, or related field—or equivalent experience.
- 4+ years of experience in application security, penetration testing, or secure software development.
- Hands-on experience with:
- Manual application security testing (web/API)
- SAST, SCA, DAST tools
- Common vulnerabilities (OWASP Top 10, API risks)
- Experience with at least one cloud platform (Google Cloud, Microsoft Azure, or AWS).
- Strong programming/scripting experience (Python, Java, JavaScript, Bash, PowerShell, or similar).
- Proficiency working in command-line environments (Linux/Unix).
- Familiarity with CI/CD pipelines and DevSecOps practices.
- Experience or comfort using AI-enabled tools and coding assistants (e.g., for code analysis, automation, or testing support).
Preferred Qualifications / Certifications
- Experience with AppSec tools (e.g., Snyk, Burp Suite, API security tools).
- Familiarity with containers, Kubernetes, and cloud-native architectures.
- Exposure to IaC security practices.
- Certifications such as:
- GIAC Web Application Penetration Tester (GWAPT)
- Offensive Security Web Expert (OSWE)
- Cloud security certifications (AWS/Azure/GCP)
COMPENSATION AND BENEFITS
Job Posting Expiration Date: 08/21/2026

KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, pregnancy, disability, veteran status or any other characteristic protected by law.
#LI-Remote