Senior Software Engineer – Application & Cloud Security

This is a fully remote position, open to applicants in Texas.

📋 Description

• Maintain an extensive understanding of the security elements within Hypori's product/system architecture and implementation methodologies; collaborate with engineering teams on threat modeling; engage in design and architecture reviews; and interact with various scrum teams to identify and address concerns related to application security, privacy, and compliance.

• Serve as the primary AppSec authority for software engineering, security, and compliance teams. Guide engineers on application security tenets, secure design methodologies, and secure programming practices; enhance security capabilities and awareness through thought leadership and proactive involvement.

• Create and sustain software security patterns that promote security/compliance/privacy-by-default engineering, including secure coding and configuration standards, code snippets/templates for Infrastructure as Code, and hardening procedures for containerized applications.

• Spearhead the automation and integration of vulnerability management tools – encompassing SAST, DAST, and SCA tools – throughout artifact repositories, container registries, and other elements of development and build pipelines.

• Conduct security-focused code reviews upon request, offering precise guidance on security-sensitive components and implementation choices.

• Assess vulnerability and compliance testing outcomes for technical significance, verify their relevance, evaluate exposure in a system/component context, and generate user stories for remediation efforts.

• Contribute to technical compliance strategies and reinforce security across cloud infrastructure, development/QA environments, and system components (such as FIPS-validated crypto configurations and network segmentation); implement quality gates and security testing suites throughout development and build pipelines.

• Actively engage in the success of Hypori’s Security Champions program.

• Participate in Engineering on-call rotations to offer application security expertise during incident triage and response.

• Safeguard intellectual property, user data, and system integrity by (a) adhering to Hypori's established policies and procedures for secure software development and (b) following industry best practices for secure product design, implementation, and deployment across development, build, test, production, and other environments.

⛳️ Requirements

• Must be a US Citizen or a US Permanent Resident.

• A minimum of 5 years of hands-on software engineering experience, with a proven track record in building and securing production systems.

• Proficient in at least one programming language.

• Skilled in understanding and articulating the intricacies of software vulnerabilities across technology stacks, their potential impact when exploited, and strategies for mitigation.

• Experienced in the security management of cloud infrastructure services and container-based deployments.

• Knowledgeable in managing software supply chain security aspects, including addressing software security vulnerabilities in dependencies.

• Proficient in secrets management practices and tools (e.g., HashiCorp Vault, AWS Secrets Manager), including automated secrets scanning in development workflows and CI/CD pipelines.

• Well-versed in expressing concepts, practical applications, and typical implementations of identity & access management, applied cryptography, network security, and related security domains.

• Experienced with API security concepts and their application, authentication, and authorization patterns (OAuth 2.0, OIDC), alongside secure API design principles.

• Capable of clearly communicating both technical risk and the trade-offs of proposed solutions to decision-makers and peers.

• Familiar with modern CI/CD pipelines, scrum-based engineering practices, and the automation, integration, and centralized management of security and compliance tools throughout development lifecycles.

• Experienced in interpreting security and compliance frameworks and standards.

• Knowledgeable in application security testing tools and techniques, and capable of demonstrating/validating the exploitability of vulnerabilities.

• Experienced with AI/LLM-assisted tools to automate application security tasks and able to advise software engineers on the security, compliance, and privacy implications of their use.

🏝️ Benefits

• Medical, dental, and vision insurance.

• Parental leave.

• Life and disability packages.

• 401(k) plan with employer-matching contributions.

• Performance bonus.