Application Security Engineer

About The Position

Requirements

• 3–7+ years of experience in Application Security, Product Security, or related engineering roles.
• Strong understanding of secure coding practices, common vulnerabilities (OWASP Top 10), and modern SDLC.
• Experience working with cloud‑native applications, ideally in AWS.
• Understanding of SSL certificates & cryptographic key management
• Hands‑on experience with SAST, DAST, WAFs, and/or mobile application security tools.
• Ability to partner effectively with developers and influence secure design decisions.
• Familiarity with GitHub‑based workflows and CI/CD pipelines.

Nice To Haves

• Development experience with Ruby on Rails or similar dynamic languages.
• Knowledge of AWS ECS/EKS, container security, secrets management and infrastructure‑as‑code (CloudFormation, Terraform).
• Experience building or maturing an AppSec program from early stages.
• SOAR Automation & Scripting experience
• Experience working in a PCI compliant environment working with annual reporting needs

Responsibilities

• Lead and evolve the company’s application security strategy, roadmap, and day‑to‑day operations.
• Serve as the primary AppSec partner for numerous dev teams working on Ruby on Rails web apps, React Native mobile apps, and various other projects including Python and Go.
• Provide security guidance during design, development, and code review for new features and projects.
• Drive adoption of secure coding practices and threat‑modeling across engineering teams.
• Manage and optimize existing AppSec tooling, including: GitHub Advanced Security (SAST, SCA, Secret Scanning) Invicti (DAST) Hadrian (ASM) AppDome (mobile application security) Cloudflare WAF
• Improve automation and integration of security tools into CI/CD pipelines.
• Identify and implement additional tools or processes to strengthen the security posture.
• Build and maintain secure development standards, playbooks, and training materials.
• Partner with engineering teams during sprint planning and feature design to proactively address risks.
• Conduct security reviews, code assessments, and vulnerability triage with development teams.
• Work with DevOps to ensure secure AWS infrastructure deployments and configurations.
• Contribute to hardening efforts across ECS, IAM, networking, and supporting cloud services.
• Assist in designing and maintaining secure CI/CD workflows.
• Lead or support investigation and remediation of application‑level vulnerabilities.
• Monitor, prioritize, and track findings from SAST/DAST/ASM tools.
• Collaborate with engineering to ensure timely and effective remediation.

Benefits

• Considerable employer contributions for health, dental, and vision programs
• Generous PTO, paid holidays, and paid parental leave
• 401(k) matching program
• Merit advancement opportunities
• Career development & training
• We cultivate an environment of community, connection, and belonging across our entire organization.