Application & Cloud Security Specialist
Location:
4910 Tiedeman Road, Brooklyn OhioOur Cyber Application & Cloud Defense team operates within Key’s broader Cyber Defense function in Corporate Information Security. Our mission is to enable secure software delivery and resilient cloud environments by proactively identifying, assessing, and reducing application and cloud security risks.
The Application & Cloud Security Specialist is responsible for performing application security assessments and cloud security reviews across modern development and cloud-native environments. This role combines hands-on manual penetration testing with the use of SAST, SCA, and DAST tools, as well as cloud security posture evaluation through CSPM capabilities.
You will work closely with development, DevOps, and cloud engineering teams to integrate security into CI/CD pipelines and improve secure coding practices. This role requires strong technical depth, development experience, and proficiency with command-line tools.
The ideal candidate is hands-on, execution-focused, and comfortable leveraging modern tooling—including AI-powered development and security assistants—to improve productivity, testing depth, and vulnerability detection.
Key Responsibilities
- Perform manual application security testing and penetration testing of web applications, APIs, and services.
- Review and validate findings from SAST, SCA, and DAST tools, including triage and false positive reduction.
- Conduct API security and dynamic testing to identify vulnerabilities and misconfigurations.
- Assess open-source dependencies and third-party libraries for vulnerabilities and supply chain risk.
- Evaluate cloud environments (GCP, Azure, AWS) for misconfigurations, excessive permissions, and exposure risks in support of the CSPM program.
- Implement and maintain CI/CD security integrations, including scanning tools and automation workflows.
- Develop scripts and CLI-based tooling to support scalable security testing and validation activities.
- Partner with development teams to remediate vulnerabilities and improve secure coding practices.
- Participate in architecture and design reviews, providing actionable security recommendations.
- Utilize AI tools and coding assistants to enhance productivity, automate analysis, and improve testing efficiency while maintaining secure and responsible usage practices.
- Track and report vulnerabilities, remediation progress, and security metrics.
Required Qualifications
- Bachelor of Computer Science, Cybersecurity, or related field—or equivalent experience.
- 4+ years of experience in application security, penetration testing, or secure software development.
- Hands-on experience with:
- Manual application security testing (web/API)
- SAST, SCA, DAST tools
- Common vulnerabilities (OWASP Top 10, API risks)
- Experience with at least one cloud platform (Google Cloud, Microsoft Azure, or AWS).
- Strong programming/scripting experience (Python, Java, JavaScript, Bash, PowerShell, or similar).
- Proficiency working in command-line environments (Linux/Unix).
- Familiarity with CI/CD pipelines and DevSecOps practices.
- Experience or comfort using AI-enabled tools and coding assistants (e.g., for code analysis, automation, or testing support).
Preferred Qualifications / Certifications
- Experience with AppSec tools (e.g., Snyk, Burp Suite, API security tools).
- Familiarity with containers, Kubernetes, and cloud-native architectures.
- Exposure to IaC security practices.
- Certifications such as:
- GIAC Web Application Penetration Tester (GWAPT)
- Offensive Security Web Expert (OSWE)
- Cloud security certifications (AWS/Azure/GCP)
COMPENSATION AND BENEFITS
This position is eligible to earn a base salary in the range of $69,000.00 - $105,000.00 annually. Placement within the pay range may differ based upon various factors, including but not limited to skills, experience and geographic location. Compensation for this role also includes eligibility for incentive compensation which may include production, commission, and/or discretionary incentives.Please click here for a list of benefits for which this position is eligible.
Key has implemented an approach to employee workspaces which prioritizes in-office presence, while providing flexible options in circumstances where roles can be performed effectively in a mobile environment.
Job Posting Expiration Date: 08/21/2026

KeyCorp is an Equal Opportunity Employer committed to sustaining an inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, pregnancy, disability, veteran status or any other characteristic protected by law.Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.
#LI-Remote