Senior Application Security Engineer

This is a fully remote position, open to applicants in United States.

📋 Description

• Security Integration: Collaborate with development and DevOps teams to embed security practices within the software development lifecycle (SDLC).

• Vulnerability Management: Identify, evaluate, and mitigate security vulnerabilities across applications, infrastructure, and cloud environments.

• AWS Security: Establish and uphold security measures in AWS, including IAM policies, security groups, VPC configurations, and monitoring protocols.

• DevOps Security: Work alongside DevOps teams to integrate security best practices within CI/CD pipelines, encompassing automated testing, secure code reviews, and infrastructure as code (IaC) security.

• Threat Modeling: Execute threat modeling and risk assessments to pinpoint potential security threats and formulate mitigation strategies.

• Incident Response: Aid in the creation and implementation of incident response plans, including the identification and management of security incidents.

• Compliance & Best Practices: Ensure that all systems and applications adhere to pertinent security standards, regulations, and best practices (e.g., OWASP, NIST, ISO 27001).

• Security Training: Offer security training and guidance to engineering teams to foster secure coding and infrastructure management practices.

• Continuous Improvement: Regularly monitor, assess, and enhance security practices, tools, and processes.

⛳️ Requirements

• A Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.

• Over 8 years of experience in application security or a similar role.

• Extensive knowledge of AWS security services and best practices.

• Familiarity with DevOps tools and methodologies, including CI/CD pipelines, containerization, and IaC.

• Proficiency in at least one programming language (e.g., Python, Go).

• Solid understanding of web application security (e.g., OWASP Top Ten) and secure coding principles.

• Knowledge of security tools and technologies such as SAST, DAST, SIEM, and WAFs.

• Capability to work effectively within a team environment and collaborate with engineers, developers, and other stakeholders.

• AWS Certified Security – Specialty or a comparable certification.

• Experience in container security (e.g., Docker, Kubernetes).

• Understanding of modern authentication and authorization protocols (e.g., OAuth, SAML, JWT), along with knowledge of secure coding frameworks and libraries.

🏝️ Benefits

• Flexible vacation

• Medical/dental/vision insurance

• Traditional/Roth retirement savings options

• Company-paid disability and life insurance

• Flexible Spending Account & Limited FSA

• Family-friendly parental leave, volunteer and voting time off

• On-demand wellness platform access for you and 5 friends and family

• PerkSpot discount program for 900+ merchants nationwide