Senior Application Security Engineer

About the Role

Requirements

• Minimum 8 years of experience in software development and testing
• BS or equivalent in Computer Science, Computer Engineering, or related field
• Proficiency in Python, NodeJS, and React
• Strong understanding of encryption, authentication, and authorization protocols
• Deep knowledge of common software flaws (OWASP, CWE) and testing methodologies
• Experience with SAST, DAST, and SCA tools and security tooling for testing
• Professional experience with cloud providers such as GCP and AWS
• Experience with secure software development lifecycles and threat modeling
• Experience conducting regular code security reviews
• Experience triaging and remediating vulnerabilities in software packages and libraries
• Experience with Web application testing frameworks such as BurpSuite and OWASP ZAP
• Experience with threat modeling tools such as OWASP Threat Dragon
• Experience in agile-based software development roles
• Experience with red teaming or penetration testing applications and infrastructure
• Strong written and verbal communication skills
• Security certifications such as OSCP, CEH, or GWAPT are a plus
• Familiarity with security frameworks such as NIST SP 800-171 and SSDF is a plus

Responsibilities

• Lead application security reviews and threat modeling
• Perform secure code reviews and architectural security assessments
• Develop and automate Secure SDLC testing
• Manage application security vulnerabilities and coordinate remediation
• Coordinate and manage penetration testing engagements
• Develop and maintain the bug bounty program
• Support engineers by defining and sharing application security best practices
• Bootstrap platform security initiatives to protect sensitive data
• Foster security champions and deliver secure code training across engineering teams

Benefits

• Paid time off (PTO)
• Holidays
• Parental leave
• Offsites and regional meetups
• Virtual coffee chats and onboarding buddies

Skills