
Senior Application Security Engineer
Posted May 21

This is a fully remote position, open to applicants in Latin America.
• Lead application security initiatives by conducting security assessments, code reviews, and penetration testing specifically targeting applications developed in Kotlin, Java, and TypeScript.
• Identify, categorize, prioritize, and monitor the remediation of vulnerabilities, including those listed in the OWASP Top 10 and other prevalent weaknesses.
• Utilize and maintain application security tools such as Burp Suite for dynamic testing, as well as SAST, DAST, IAST tools, and other automated security scanners.
• Collaborate closely with software development teams to enforce secure coding practices and ensure Software Engineers are accountable for addressing vulnerabilities within specified SLAs.
• Incorporate security testing and automation into CI/CD pipelines to guarantee continuous security validation.
• Establish and uphold security requirements and best practices that align with industry standards such as OWASP, NIST, ISO, PCI DSS, and GDPR.
• Carry out threat modeling, risk assessments, and security design reviews for both new and existing applications.
• Foster security awareness and provide training to development teams on secure coding and vulnerability mitigation.
• Address security incidents and assist in remediation efforts.
• Recommend and implement new security tools and technologies to enhance application security posture.
• Operate in Agile and DevSecOps environments to integrate security throughout the software development lifecycle.
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
• 6-8+ years of experience in application security, secure coding, and vulnerability assessment.
• Strong development background with practical experience in Kotlin, Java, and TypeScript.
• Comprehensive understanding of OWASP Top 10, CWE, and common web and API vulnerabilities.
• Proficient with security testing tools such as Burp Suite, Fortify, Veracode, or similar.
• Experience with secure SDLC, DevSecOps practices, and the integration of security into CI/CD pipelines.
• Familiarity with authentication and authorization protocols like OAuth2, OIDC, and SAML.
• Capability to work effectively with development teams, guiding them and ensuring accountability for timely vulnerability remediation.
• Relevant certifications such as CISSP, CSSLP, OSCP, GWAPT.
• Fluency in English.
• 💸 Get paid in USD, Crypto, Euro, ARS. Whatever your choice! We use Rippling to make things easier for you!
• 🗺 Work remotely: design the life that you want.
• ⛱ Enjoy 15 days of vacation each year from the start date.
• 🎄 16 fully paid Argentinean holidays.
• 🩺 Healthcare Benefit: Monthly stipend to use with your preferred healthcare provider.
• 🗓️ 5-year Sabbatical: After 5 years with CookUnity, you get a 4-week paid sabbatical.
• 🐣 Paid family leave.
• 🕯 Compassionate Leave: 3-5 days each time the need arises.
• 🧘🏽‍♀️ Flexible benefits, your way: a prepaid card you can use for wellness, learning, food, and more.
• 🤖 AI-forward workplace: enterprise access to ChatGPT and Claude to help you work smarter and grow faster.
• 🧑‍🏫 Personalized English coach.