
Web Developer, Security Engineer
Posted 5 days ago

Posted 5 days ago
This is a fully remote position, open to applicants in United States.
• Identify, assess, and address critical vulnerabilities, logic errors, insecure dependencies, and misconfigurations within web applications and APIs.
• Manage the complete vulnerability lifecycle, which includes threat modeling, security evaluations, and the technical validation of remediation efforts.
• Incorporate security measures into application architectures and APIs; provide guidance on secure design patterns and data protection strategies.
• Review and scrutinize web server and application logs to identify anomalies and signs of compromise; implement automation for threat intelligence.
• Deploy, fine-tune, and sustain Web Application Firewalls (WAF) customized for specific applications and traffic behaviors.
• Configure and supervise File Integrity Monitoring (FIM) solutions to detect and notify of unauthorized alterations to web content directories.
• Apply DevSecOps principles throughout the CI/CD pipeline; create security metrics and compliance reports based on established standards.
• Ensure that web applications and cloud infrastructures adhere to NIST SP 800-53, FISMA, and FedRAMP regulations; engage in audits and risk assessments.
• Offer Tier II support for security operations and propose ongoing security improvements.
• A Bachelor’s degree or higher in Computer Science, Cybersecurity, Information Systems, Engineering, or a related discipline.
• At least 3 years of experience in Web Application Security, Application Security Engineering (AppSec), or Secure Software Development Life Cycle (SSDLC).
• Expertise in .NET (C# MVC, WCF), HTML5, CSS3, JavaScript, REST APIs, and SQL.
• Comprehensive understanding of OWASP Top 10 and secure coding practices.
• Experience in deploying and managing WAF solutions tailored for custom web applications.
• Experience in configuring FIM solutions for web content and application directories.
• Familiarity with security testing tools such as Wireshark, SIEM, IDS/IPS, NDR, and EDR.
• Ability to utilize AI-assisted development tools (e.g., GitHub Copilot, OpenAI API) for automation in security and compliance auditing.
• Experience in implementing DevSecOps principles, including the integration of security gates within CI/CD pipelines.
• Current security certifications in AppSec, offensive security, and foundational security domains, maintained for a minimum of 5 years.
• Virtual health visits
• Commuter perks
• Pet insurance
• Entertainment discounts
• Annual performance reviews
• Tuition assistance
• Internal career growth opportunities
• Generous 401(k) matches
• Life and disability insurance
• Financial wellness tools
• Annual awards
• Service anniversaries
• Referral bonuses
• Peer-to-peer shoutouts
• Healthcare coverage
• Wellness programs
• Flu shots
• Biometric screenings
Roofr
Weekday (YC W21)
Software Mind
Axcera
Get handpicked remote jobs straight to your inbox weekly.