Cybersecurity Engineer Application Security Enablement

Labcorp is seeking a Cybersecurity Engineer Application Security Enablement to join our team in a remote capacity.

Location : Remote

Applicants who live within 35 miles of either the Burlington, NC or Durham, NC location will follow a hybrid schedule. This schedule includes a minimum of three in - office days per week at an assigned location, either Burlington or Durham, supporting both collaboration and flexibility.

Work Schedule: This is a full time , exempt (salaried) position assigned to a First Shift schedule, with standard business hours of Monday through Friday, 8:00 a.m. to 5:00 p.m. in your local time zone. Business needs may occasionally require flexibility in work hours, including earlier, later, or additional hours, with reasonable notice provided when possible.

Job Responsibilities

Application Security Design Standards & Patterns

• Define and document secure development standards and patterns for modern application architectures (web, API, microservices), with guidance grounded in industry best practices such as OWASP and informed by broader frameworks ( i.e. NIST, CIS Controls).

• Develop reusable patterns for common application scenarios such as secure APIs, service-to-service communication and front-end/back-end architecture.

• Translate complex security risks into clear, developer-focused guidance that can be easily adopted.

• Contribute to the creation of machine-consumable security patterns to support AI-enabled and automated development tools.

Secure Design Enablement

• Collaborate with engineers and architects during design discussions to p rovide guidance on secure application architecture and design decisions .

• Identify common security pitfalls early in the lifecycle .

• Provide guidance on secure integration and data protection patterns . For example:
  - Input validation and output encoding
  - API security and authentication flows
  - Session management and token handling
  - Secrets management and secure configuration

• Promote secure-by-design and secure-by-default principles to enable efficient and secure development practices .

Identity & Access Management (Supporting Role)

• Support the integration of authentication and authorization patterns within application architecture .

• Ensure secure implementation of protocols such as OAuth 2.0, OIDC, and SAML.

• Align application security practices with identity and access management, identity governance, and privileged access management solutions.

Cross-Functional Collaboration

• Partner with Digital Identity Services , Cybersecurity Engineering, Product Security Testing, and other teams to provide application security guidance and support risk mitigation.

• Collaborate with the Governance, Risk, and Compliance team to align application security practices with enterprise policies and regulatory requirements.

• Work with Cybersecurity Operations to enhance detection and response capabilities for application-level threats.

• Engage with Enterprise Architecture teams to influence secure design decisions.

• Support data protection initiatives by ensuring appropriate controls for sensitive data handling and exposure mitigation are utilized .

Risk Advisory

• Review vulnerability patterns and provide guidance on prioritization and remediation of application security risks.

• Serve as a trusted advisor to engineering and architecture teams, offering practical and actionable security recommendations.

• Support standardization of application security risk management practices across teams.

Continuous Improvement and Innovation

• Stay current with emerging threats, vulnerabilities, and trends in application security.

• Evaluate and evolve security standards to support cloud native, API first, distributed, and AI enabled applications.

• Contribute to the development of scalable, consistent application security enablement practices across the organization.

Minimum Qualifications

• High school diploma with 12 or more years of experience in application security, secure software development, or cybersecurity engineering; or Associate degree with 10 or more years of experience ; or Bachelors degree in Computer Science, Information Security, or Engineering with 8 or more years of experience ; or Masters degree in Computer Science, Information Security, or Engineering with 6 or more years of experience.

• 8 or more years of experience in application security, secure software development, or cybersecurity engineering, with a focus on identifying and addressing application-layer risks .

• 5 or more years of experience applying secure coding principles and addressing application security risks using OWASP Top 10 or similar best practices, with the ability to translate risks into actionable developer guidance .

• 3 or more years of experience working with enterprise security frameworks such as NIST CSF, CIS Controls, or ISO 27001, with demonstrated ability to align application security practices to these or other applicable frameworks .

• 3 or more years of experience in application or software development, OR equivalent experience working closely with development teams, with demonstrated ability to engage developers credibly on secure coding practices, design, and remediation strategies .

• 5 or more years of experience designing or securing web applications, APIs, and microservices architectures, including providing guidance on secure design decisions .

• 5 or more years of experience identifying , analyzing, and guiding remediation of common vulnerabilities such as injection, XSS, CSRF, broken authentication, and insecure deserialization .

• 3 or more years of experience applying secure design patterns in real-world systems, with the ability to guide teams on secure-by-design and secure-by-default principles .

• 2 or more years of experience securing cloud-native applications and APIs in AWS or Azure, including advising on secure architecture and integration patterns .

• 2 or more years of experience working with authentication and authorization protocols such as OAuth 2.0, OIDC, and SAML, including advising on appropriate implementation within application architectures .

• 3 or more years of experience operating in a consultative, cross-functional role, providing actionable security guidance to engineering and architecture teams and influencing secure design decisions .

Preferred Qualifications

• 3 or more years of experience defining or contributing to secure development standards, guidelines, or reference architectures .

• 3 or more years of experience integrating security into the software development lifecycle (SDLC), including DevSecOps practices and collaboration with CI/CD pipelines and development workflows .

• 3 or more years of experience working with API security frameworks, standards, or tooling, with the ability to guide teams on securing modern API-driven architectures .

• 2 or more years of experience applying threat modeling methodologies to identify design-level risks and guide mitigation strategies with engineering and architecture teams .

• 2 or more years of experience working with application security testing tools (SAST, DAST, SCA), including interpreting findings and helping development teams prioritize and remediate vulnerabilities effectively .

• 1 or more years of experience enabling the secure design of AI-enabled applications, focusing on security controls and best practices, including emerging risks and secure design patterns, with the ability to guide engineering teams o n secure adoption practices.

Additional Job Standards

• Experience supporting security testing or assessment teams.

• Familiarity with identity and access management platforms such as Okta, Microsoft Entra ID, or SailPoint.

• Broad familiarity with cloud platform security capabilities and their integration into enterprise environments .

• Relevant certifications such as CSSLP, GWAPT, or CISSP.

• Strong analytical and problem solving skills with a pragmatic approach to security solutions.

• Developer focused mindset with an understanding of modern application development practices.

• Ability to simplify complex technical concepts for diverse audiences.

• Strong collaboration skills across engineering, security, and architecture teams.

• Proven ability to deliver practical, scalable, and reusable solutions.

• High level of professionalism, adaptability, and continuous learning mindset.

• Strong communication skills with the ability to translate complex security concepts into practical guidance.

About the Role

The Cybersecurity Engineer Application Security Enablement plays a critical role in strengthening Labcorps application security posture by enabling secure design and development practices across engineering teams. This position combines deep technical expertise with a consultative approach to guide teams in building secure, scalable applications. The role supports enterprise security strategy by embedding security standards, improving risk management practices, and advancing secure development capabilities, including the adoption of emerging technologies such as AI enabled applications.

Application Window: 6/27/2026

Pay Range: $160-170k

All job offers will bebased on a candidates skills and prior relevant experience, applicabledegrees/certifications,as well as internal equity and market data.

Benefits: Employees regularly scheduled to work 20 or more hours per week are eligible for comprehensive benefits including: Medical, Dental, Vision, Life, STD/LTD, 401(k), Paid Time Off (PTO) or Flexible Time Off (FTO), Tuition Reimbursement and Employee Stock Purchase Plan. Employees regularly scheduled to work less than 20 hours, Casual, Intern, and Temporary employees are only eligible to participate in the 401(k) Plan. Employees who are regularly scheduled to work a 7 on/7 off schedule are eligible to receive all the foregoing benefits except PTO or FTO. For more detailed information, please click here .

Labcorp is proud to be an Equal Opportunity Employer:

Labcorp strives for inclusion and belonging in the workforce and does not tolerate harassment or discrimination of any kind. We make employment decisions based on the needs of our business and the qualifications and merit of the individual. Qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), family or parental status, marital, civil union or domestic partnership status, sexual orientation, gender identity, gender expression, personal appearance, age, veteran status, disability, genetic information, or any other legally protected characteristic. Additionally, all qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law.

We encourage all to apply

If you are an individual with a disability who needs assistance using our online tools to search and apply for jobs, or needs an accommodation, please visit our accessibility site or contact us at Labcorp Accessibility. For more information about how we collect and store your personal data, please see our Privacy Statement .