Senior Application Security Engineer

What You’ll Do:

Work cross-functionally with software engineering, infrastructure, DevOps, and IT teams to strengthen product security. Lead security risk assessments, manual and automated testing, threat modeling, and internal training focused on secure development practices.

Support secure CI/CD pipeline development and guide engineering teams through secure design and implementation. Plan and execute internal and third-party penetration tests on critical systems, and manage remediation efforts with stakeholders.

Develop application security requirements and perform code reviews, tooling integration, and automation using SAST, DAST, and related frameworks.

Success Looks Like:

Security seamlessly integrated into each phase of the development lifecycle

Adoption of automated tooling to scale security assessments and reduce manual overhead

Strong cross-team collaboration that promotes secure engineering without slowing delivery

Continuous iteration of security controls and processes in response to new threats and technology

What You Bring:

5+ years in secure software development or application security, including experience designing security into complex systems

Deep familiarity with OWASP/CWE vulnerabilities and exploitation techniques, and the ability to guide secure remediation

Strong communication skills and ability to translate technical risk to both developers and executive stakeholders

Hands-on experience with security architecture, DevSecOps practices, and secure CI/CD integration

Experience deploying and managing tools like SAST, DAST, IAST, RASP, and WAF, and building strong vendor relationships

Knowledge of security compliance frameworks such as PCI, NIST, FedRAMP, or ISO 27001

Proficiency in Python, Go, Java, JavaScript, or similar languages

Familiarity with tools such as Burp Suite, OWASP ZAP, Metasploit, and mobile security frameworks for iOS and Android