GTIL - Application Security Engineer (Sr. Associate)

Grant Thornton.com

96k - 144k USD/year

Office

Chicago, IL, United States

Full Time

Grant Thornton is one of the world’s leading professional services networks with member firms in over 145 countries, 75,000 people and global revenues of $8bn. Member firms offer audit, tax, and advisory services to privately owned companies, publicly listed companies, public sector and not for profit organisations, both domestically and internationally.  

Grant Thornton International Ltd (GTIL) is the umbrella legal entity for the Grant Thornton global network of member firms. GTIL sets the strategic direction, convenes member firms, connects global communities, and protects the brand and reputation of the network. GTIL and the member firms will continually improve the sustainability of their operations and strive to make a positive impact on clients, people, markets, and the communities in which we operate, in line with the UN’s Sustainable Development Goals (SDGs).  

About The Role

Overall role purpose

The Application Security Engineer plays a crucial role in overseeing the security of development operations (DevSecOps) for GTIL, which includes globally distributed practice management applications.   

Reporting directly to the Application Security Manager and with key relationships to the Development Operations and IT project teams, this role provides architectural, analytical and operational expertise across a range of Azure services and other cloud-based security solutions.

Main responsibilities

Securing the Software Development Life Cycle 

  • Security oversight of the continuous delivery, continuous integration (CI/CD) pipeline
  • Combination of static and dynamic application security testing (SAST/DAST), to identify code bugs and application issues. 
  • Software composition analysis (SCA) to track all open-source components in the developer’s code base.
  • Threat modelling to identify architectural design faults and potentially exposed targets of attack.
  • Evaluate and advise on service deployment into a microservices architecture (Kubernetes), and operational functions relative to security best practices and compliance requirements
  • Maintain security issue tracking and reporting using Azure DevOps (ADO)
  • Develop and maintain documentation of target state designs and security roadmaps.
  • Evaluate applications and environments against Security Frameworks and Compliance requirements.
  • Develop and manage Azure Policy to enforce Security Baseline standards.

Person Specification

  • Post high school education and/or work-related experience in Computer Science, Information Systems, or other Information Technology related field
  • This role best suits a candidate with a background in development who has made a transition to cloud security.
  • The job requires effective communication (verbal and written) and project management skills to work with various levels and divisions within the organization.
  • Strong organisational and communication skills
  • Ability to learn and adapt to a constantly changing technology and threat landscape.
  • Relationship building is a key requirement (this role's scope of responsibility will on occasion extend to communicating with executive leadership and cross-functional teams)
  • Provides expertise and solutions for complex initiatives and is capable of making independent decisions.
  • Cultural awareness, the ability to work well with people from different disciplines and backgrounds.
  • Ability to be agile, respond positively to change and contribute with an innovative and global mindset. 

Experience

  • Minimum of 2-3 years working in development and security operations OR a combination of relevant experience
  • Demonstrated Security and Development Operational expertise:
      • Authentication and Identity Governance (AzureAD, Identity and Access Management, OAuth 2.0, OpenID, Conditional Access)
      • Container security (Docker and Runtime)
      • Azure SQL Server and Azure Cosmos DB
      • Azure Block Storage and Data Caching
      • .NET, C#, REST API
      • CI/CD code analysis (SAST/DAST) ideally using Veracode
      • Security Controls and Benchmarking
      • Azure DevSecOps
      • Microservice Architecture (Kubernetes)
      • Encryption (Key Vault)
      • Terraform
      • Threat Modelling

Experience – Desirable

  • OWASP Application Security Verification Standards
  • Azure Policy and Compliance
  • Cloud security certification, e.g.:
      • Certified Cloud Security Professional (CCSP)
      • GIAC Secure Software Programmer (GSSP)
      • GIAC Cloud Security Automation (GCSA)
      • Certificate of Cloud Security Knowledge (CCSK)

The base salary range for this position in the firm’s Chicago, IL and Cleveland, OH offices only is between $96,000 and $144,000 per year.

At Grant Thornton, we believe in making business more personal and building trust into every result – for our clients and you. Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support. It’s what makes us different, and we think being different makes us better. 

In the U.S., Grant Thornton delivers professional services through two specialized entities: Grant Thornton LLP, a licensed, certified public accounting (CPA) firm that provides audit and assurance services ― and Grant Thornton Advisors LLC (not a licensed CPA firm), which exclusively provides non-attest offerings, including tax and advisory services.

In 2025, Grant Thornton formed a multinational, multidisciplinary platform with Grant Thornton Ireland. The platform offers a premier Trans-Atlantic advisory and tax practice, as well as independent American and Irish audit practices. With $2.7 billion in revenues and more than 50 offices spanning the U.S., Ireland and other territories, the platform delivers a singular client experience that includes enhanced solutions and capabilities, backed by powerful technologies and a roster of 12,000 quality-driven professionals enjoying exceptional career-growth opportunities and a distinctive cross-border culture.

Grant Thornton is part of the Grant Thornton International Limited network, which provides access to its member firms in more than 150 global markets.

December 12, 2025

GrantThorntonUS