
Senior Application Security Engineer
Posted 10 hours ago

This is a fully remote position, open to applicants in California, +2 more states.
• Integration of Security Development Lifecycle (SDLC): Assist in embedding security practices throughout the comprehensive software development lifecycle, from design assessment to deployment.
• Application Security Evaluation: Conduct offensive penetration testing for web applications, internal services, and robot-side software to uncover and address vulnerabilities.
• Automation and Tooling Support: Support security tooling, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), runtime vulnerability evaluations, and Software Bill of Materials (SBOM) systems. Familiarity with platforms such as Artifactory and GitHub Security is required.
• Threat Modeling and Security Assessments: Aid in threat modeling efforts, including security evaluations of significant software releases.
• Vulnerability Management: Oversee the lifecycle of recognized vulnerabilities, prioritizing remediation efforts based on risk levels to the fleet, proprietary code, and cloud infrastructure.
• Collaborative Efforts: Work alongside development, platform, and infrastructure teams to ensure security standards are upheld without compromising engineering efficiency.
• A minimum of 5 years of hands-on, dedicated experience in Application Security (AppSec) engineering or a comparable senior-level security position.
• Proven proficiency in Application Security engineering along with programming capabilities.
• Experience in supporting security controls within CI/CD pipelines and version control systems (e.g., GitHub, GitLab).
• Background in penetration testing and vulnerability scanning.
• Competence in at least one modern programming language (e.g., Python, Go, C++).
• Strong grasp of security best practices applicable to cloud-native, microservices, and distributed systems architecture.
• Experience with cloud security platforms such as AWS or GCP.
• Proven experience mentoring junior security engineers.
• 401(k) Plan: Features a 6% company match.
• Equity: Company stock options available.
• Insurance Coverage: Comprehensive 100% company-paid medical, dental, vision, and short/long-term disability insurance for employees.
• Benefit Start Date: Eligibility for benefits begins on your first day of employment.
• Well-Being Support: Access to an Employee Assistance Program (EAP).
• Time Off: Exempt Employees: Enjoy flexible, unlimited PTO and 12 company holidays, including a winter shutdown; Non-Exempt Employees: Receive 10 vacation days, paid sick leave, and 12 company holidays, including a winter shutdown, each year.
• On-Site Perks: Catered lunches four times a week along with a selection of healthy snacks and refreshments at our Salem and Pittsburgh locations.
• Parental Leave: Generous paid parental leave policies.
• Work Environment: A culture that fosters flexible work arrangements.
• Growth Opportunities: Access to professional development and tuition reimbursement programs.
• Relocation Assistance: Available for eligible positions.
• Annual Discretionary Bonus: Provided for qualifying roles.