YOU ARE:
The Senior Application Security Engineer plays a critical role in partnering closely with engineering and DevOps teams to ensure that security is built into our applications and infrastructure from start to finish.YOUR DAY-TO-DAY:
Identify areas for improvement in our current CI/CD pipeline and design, implement, and maintain security enhancements.
Partner with engineering teams to ensure security controls and tooling are integrated into the SDLC.
Develop and lead a threat modeling program for new and existing applications.
Identify vulnerabilities across applications and APIs. Engage engineering teams for remediation.
Collaborate with the business and engineering teams to provide guidance on security best practices, prioritization of vulnerability remediation, etc.
Evaluate, implement, and manage security tools and technologies.
Mentor and coach engineers, DevOps, and other team members to build a strong AppSec culture.
Participate in AppSec team programs, such as Security Influencers (Champions) and office hours, to cultivate relationships and trust with the business and engineering teams.
Document things like security best practices, proprietary CI/CD pipeline requirements, and AppSec processes.
Disseminate documentation across the business, engineering, DevOps, and security teams and hold training workshops, where applicable.
YOU’LL BRING:
5+ years of experience in application security engineering
Working expertise in GitHub workflows, AWS, and Azure.
Proven experience building secure pipelines for CI/CD.
Deep understanding of application security concepts, including threat modeling, risk assessment, and secure coding best practices.
Strong experience using DAST, IaC, SAST, SCA, and other security tools – and implementing them into pipelines.
Familiarity with common security frameworks (i.e., OWASP, NIST, CIS).
Strong problem-solving and analytical skills with the ability to think like an attacker – while acting as a defender.
Excellent communication and collaboration skills.
A team-oriented mindset with a passion for sharing knowledge and elevating others.
WE OFFER:
Competitive Compensation
Full Health Benefits; Medical/Dental/Vision/Life Insurance + Paid Parental Leave
Company Matched 401k
Paid Time Off + Paid Holidays + Paid Volunteer Hours
Employee Resource Groups (Black Inclusion Group, Women in Leadership, PRIDE, Adelante)
Employee Stock Purchase Program
Tuition Reimbursement
Charitable Gift Matching
Job required equipment and services