Senior Application Security Engineer

Job Description

• 5+ years of experience developing or securing web-based applications
• Experience with modern Javascript (Node.JS, ES6 and TypeScript) and front-end frameworks (Ember, Angular, React, Vue, etc.)
• Experience with leading threat modeling and secure design reviews
• Experience with security assessment tools (SCA, SAST, DAST) such as Qualys, SonarCloud, Prisma or similar is a plus.Docker & Kubernetes
• Excellent organization, time management, and attention to detailMust be action-oriented and have a proactive and collaborative approach to solving issues
• Participates in the design review process, seeking and providing constructive criticismProvides significant input into system architecture, considers scalability and performance
• Communicates technical decisions through design docs, tech talks, and the wikiProvides mentorship and technical guidance to junior and mid-level engineers
• Ability to work within an on-call shift rotationPreferredExperience working on SaaS web applications
• Experience with building and maintaining internal tooling and orchestration using Python and other scripting languages
• Experience with building and securing CICD pipelines and incorporating supply chain security best practices.
• Experience with implementing static code analysis, Web Application Firewalls (WAF), or other software security solutions
• Experience coordinating bug bounty and penetration testing engagements
• Leveraging, building and securing AI coding assistants, agents, and product solutions
• BS in Computer Science (or equivalent experience)

Job Responsibilities

• Working with product and engineering teams to implement security throughout the design and development process.
• Working with JavaScript, Node.JS, Ember, Python, GoLang, Docker, PostgreSQL, and Kubernetes.
• Creating application threat models, performing secure code reviews, and ensuring the use of secure coding practices, with the support of the Infosec team.
• Assisting the infosec team in driving adoption of Secure SDLC solutions and practices, such as SAST, DAST, SCA, IAST, App Runtime.
• Providing subject matter expertise and training on encryption, authentication, key security controls, and secure programming practices.
• Validating, triaging and driving the remediation of vulnerabilities discovered through internal testing, third-party penetration tests, or bug bounty programs.
• Guiding the implementation, configuration and operation of application layer security controls such as Web Application Firewall and DDoS mitigation solutions.
• Assisting with Security Compliance activities as required.Assisting with investigation and response to security incidents and web application attacks as necessary.

Department/Project Description

Our client is looking for a passionate and experienced Sr. Application Security/Product Security Engineer, who will work along product and engineering teams to develop secure and resilient software used by some of the most security conscious customers on the planet. Supported by the InfoSec team, this position will serve as a Security liaison to the engineering team - assisting them with implementing security best practice at every layer of the SDLC, primarily focusing on threat modeling, secure design review, and triage and prioritization of application security vulnerabilities identified by the infosec team. This role will also be instrumental in the continued development of secure SDLC practices.