
Senior Application Security Engineer
Posted 16 hours ago

Posted 16 hours ago
This is a fully remote position, open to applicants in Argentina.
• Establish and uphold best practices for secure coding, dependency management, and design reviews within engineering teams.
• Integrate and oversee SAST, DAST, and SCA tools in CI/CD pipelines (e.g., GitHub Actions).
• Collaborate with developers on new features and systems to detect risks early in the development lifecycle.
• Implement best practices for handling secrets, API authentication/authorization, and data protection.
• Create security guidelines, training, and reusable libraries/patterns to enable teams to deliver secure code more efficiently.
• Assess and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring prompt resolution.
• Serve as a liaison between application developers and platform engineers to align application security with infrastructure and compliance needs.
• Establish monitoring, alerting, and remediation processes for security incidents across our platform.
• Scan and address vulnerabilities in container images, OS packages, dependencies, and IaC templates.
• Design and sustain least-privilege IAM roles, secrets management, and authentication processes.
• Automate evidence collection and control enforcement for SOC 2, ISO 27001, and other standards.
• Over 6 years of experience in security engineering, DevSecOps, or similar roles, including experience at scale.
• Strong communication and teamwork skills.
• Extensive experience in integrating security within modern SDLC pipelines.
• Proficient with AppSec tools (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.).
• Solid understanding of web application security (OWASP Top 10, API security, authentication flows, input validation).
• Familiarity with AWS/Kubernetes security practices.
• Strong programming skills (Python, Go, or JavaScript) for building tools, writing secure code, and contributing to developer libraries.
• Proven success in collaborating with product and engineering teams to promote security adoption without hindering productivity.
• Strong skills in AWS security (IAM, KMS, Security Hub, GuardDuty, WAF).
• Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies).
• Practical experience with Terraform, Helm, and GitOps methodologies.
• Familiarity with security tools (Trivy, Falco, Snyk, Aqua).
• Knowledge of networking, encryption, and cloud-native security best practices.
• Canary Days: Each month, we offer company-wide days off to ensure there is at least one extended weekend or day off.
• Self Improvement Club: Each individual receives a budget for any purchases that contribute to their self-improvement goals.
• Professional Development Chats: We provide funding to facilitate cross-functional professional development discussions across the organization.
• Travel Reimbursement: Team members can visit our offices in New York, San Francisco, or Dallas at their convenience and receive a travel stipend for doing so.
• Personal Travel Reimbursement: If you stay at a hotel partnered with Canary, we offer a credit towards your stay.
Barry-Wehmiller
SGS
Armstrong Fluid Technology
Convatec
Get handpicked remote jobs straight to your inbox weekly.