Application Security Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
• 1-3+ years of experience in Application Security, DevSecOps, or Cloud Security Engineering roles.
• Hands-on experience with AWS security services (Security Hub, GuardDuty, Inspector, Macie, IAM, KMS).
• Familiarity with Wiz or similar CSPM platforms.
• Proven experience integrating SAST/DAST tools (e.g., Soar Cloud, Veracode, Snyk, Checkmarx, Burp Suite, etc.) into CI/CD pipelines.
• Familiarity with Docker, K8S, and microservices-based architectures.
• Experience with WAF, endpoint security, and IAM
• Strong understanding of secure software development lifecycle (SSDLC) and common vulnerabilities (OWASP Top 10, CWE, CVSS).
• Proficiency in at least one scripting or automation language (Python, Bash, or similar).
• Proficiency in Java
• Knowledge of threat modeling, code review, and cloud infrastructure security best practices.
• Excellent collaboration and communication skills with both technical and non-technical stakeholders.

Nice To Haves

• Experience with compliance frameworks such as SOC 2, HIPAA, or HiTrust is a plus.
• Experience working in a high-growth or regulated environment is preferred.

Responsibilities

• Design, implement, and manage application and cloud security tooling across AWS, including Security Hub, GuardDuty, Macie, Inspector, and related automation.
• Lead the deployment and configuration of Wiz CSPM, collaborating with infrastructure and DevOps teams to enhance visibility and remediation workflows
• Manage secure code scanning processes, integrating SAST (Static Analysis) and DAST (Dynamic Analysis) using Sonar Cloud to identify and remediate vulnerabilities early in the SDLC.
• Develop automated pipelines and playbooks for vulnerability triage, remediation tracking, and reporting of metrics. (MTTD, MTTR)
• Partner with software engineering teams to embed security into CI/CD pipelines and promote secure coding practices.
• Collaborate with the Security, IT, and GRC teams to ensure alignment with SOC 2, HIPAA, and SOX controls.
• Contribute to threat modeling, code review, and incident response related to application vulnerabilities.
• Evaluate and implement new security tools and processes to enhance the overall application security posture.
• Support vendor risk assessments and penetration testing efforts related to application components.
• Create and maintain security documentation, architecture diagrams, and operational runbooks.
• Participate in on-call rotations as part of the broader security operations program.
• Other duties as assigned

Benefits

• A competitive compensation package in line with leading technology companies
• A remote and accomplished global team
• Opportunity for equity participation
• Unlimited vacation with manager approval
• 16 weeks of 100% paid parental leave for delivering parents; 8 weeks of 100% paid parental leave for non-delivering parents
• 100% Employer sponsored healthcare, dental, and vision for you, and 80% coverage for your family; Health Savings Account and Flexible Spending Account options
• 401k retirement savings plan