Sr. Application Security Engineer

Benefits & Perks

• Everything you need to work remotely
• Unlimited PTO
• Medical/dental/vision insurance
• 401k through Charles Schwab 
• Flexible Spending Account, Limited FSA, and Health Savings Account- with an eligible health care package. 
• Company-paid short-term and long-term disability plus basic life insurance.
• Family-friendly maternity and paternity leave
• Employee assistance program (EAP) via Claremont. Get free short-term counseling for mental health, free + discounted legal consultations, free financial consultations, access to work/life consultants, and more!
• PerkSpot discount program. PerkSpot offers exclusive discounts to 900+ merchants nationwide, and has exclusive discounts up to 60% on hotels worldwide.
• Paid time off to do volunteer work in your community.
• Access to the Wellness Coach app for you and 5 family members

Key Responsibilities:

• Security Integration: Work with development and DevOps teams to integrate security into the software development lifecycle (SDLC). 
• Vulnerability Management: Identify, assess, and mitigate security vulnerabilities in applications, infrastructure, and cloud environments. 
• AWS Security: Implement and maintain security controls in AWS, including IAM policies, security groups, VPC configurations, and monitoring. 
• DevOps Security: Collaborate with DevOps teams to incorporate security best practices in CI/CD pipelines, including automated testing, secure code reviews, and infrastructure as code (IaC) security. 
• Threat Modeling: Conduct threat modeling and risk assessments to identify potential security threats and develop mitigation strategies.
• Incident Response: Assist in developing and executing incident response plans, including identifying and responding to security incidents. 
• Compliance & Best Practices: Ensure that all systems and applications comply with relevant security standards, regulations, and best practices (e.g., OWASP, NIST, ISO 27001). 
• Security Training: Provide security training and guidance to engineering teams to promote secure coding and infrastructure management practices.
• Continuous Improvement: Continuously monitor, evaluate, and improve security practices, tools, and processes.

Qualifications

• Education: 
• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience. • 8+ years of experience in application security or a related role. 
• Strong experience with AWS security services and best practices. 
• Experience with DevOps tools and practices, including CI/CD pipelines, containerization, and IaC. 


• Technical Skills: 
• Proficiency in at least one programming language (e.g., Python, Go). 
• Strong understanding of web application security (e.g., OWASP Top Ten) and secure coding practices. 
• Familiarity with security tools and technologies such as SAST, DAST, SIEM, and WAFs. 


• Soft Skills:
• Excellent verbal and written communication skills. 
• Strong problem-solving skills and attention to detail. 
• Ability to work well in a team environment and collaborate effectively with engineers, developers, and other stakeholders. 


• Preferred Qualifications: 
• AWS Certified Security – Specialty or similar certification. 
• Experience with container security (e.g., Docker, Kubernetes). 
• Familiarity with modern authentication and authorization protocols (e.g., OAuth, SAML, JWT). 
• Knowledge of secure coding frameworks and libraries.