Application Security Engineer

Awardco, Lindon, UT

About The Position

Awardco is reimagining the workplace to be more rewarding, supportive, and fun for everyone. As one of the fastest-growing companies in the employee experience industry, our mission is to help employees love what they do, love where they work, and get recognized for their efforts, especially our own employees! And as winners of Glassdoor’s Best Places to Work, Best and Brightest in the Nation, and Great Place to Work, we do much more than talk the talk.

We’re looking for an Application Security Engineer to join our IT & Security team to build and mature our application security program as we continue to scale our SaaS platform. In this role, you’ll partner closely with product, engineering, and operations teams to design, build, and ship secure features without slowing down creativity and innovation. You’ll own the secure software development lifecycle, lead security reviews for new capabilities, and help drive a culture where every engineer treats security as part of quality. You’ll also play a key role in enabling developers, building the skills and tooling they need to own security in their code through secure coding guidance, training, and a strong Security Champions program. If you enjoy rolling up your sleeves, solving real-world security problems, and making cloud products safer by design, this role is for you.

Requirements

  • 6+ years of experience in application security or in software engineering with a strong security focus for web applications or APIs.
  • Hands‑on experience securing cloud‑hosted, multi‑tenant SaaS applications on a major public cloud platform.
  • Strong understanding of web and API security fundamentals (authentication, authorization, session management, data validation, encryption, multi‑tenant isolation, etc.).
  • Deep familiarity with the OWASP Top 10, common vulnerability classes, and practical exploitation/remediation techniques.
  • Experience with one or more modern programming languages (for example: JavaScript/TypeScript, Java, C#, Python, or Go) and the ability to read and reason about production code.
  • Hands‑on experience with application security tooling, such as static analysis (SAST), dynamic analysis (DAST), dependency and container scanning, and API security testing tools or frameworks.
  • Experience working with modern and AI-assisted security tooling (e.g., GitHub Advanced Security, Snyk, Wiz, or similar) and integrating them into CI/CD pipelines to improve developer experience and reduce risk.
  • Solid understanding of CI/CD pipelines and how to integrate security testing into automated workflows.
  • Ability to translate complex security issues into clear, actionable guidance for engineers and product partners.
  • Comfortable balancing risk, user experience, and delivery timelines in a fast‑moving environment.
  • Strong ownership mindset and a collaborative, low‑ego approach with a focus on building trust and partnership across teams.
  • Demonstrated ability and desire to train and mentor developers in secure coding best practices, enabling them to confidently build and ship secure features over time.

Nice To Haves

  • Experience helping support or respond to external pen tests, bug bounty reports, or coordinated disclosure.
  • Background working with compliance or regulatory frameworks (e.g., SOC 2, ISO 27001, PCI DSS) from the engineering side.
  • Relevant security certifications (e.g., OSWE, OSCP, GWAPT, CSSLP) or an equivalent track record of hands-on work.

Responsibilities

  • Embed security checkpoints into planning, design, development, testing, and release processes.
  • Partner with engineering leads to ensure new features ship with security built in, not bolted on.
  • Facilitate threat modeling for new services, APIs, and integrations.
  • Recommend secure patterns and architectures for multi-tenant SaaS and cloud-native components.
  • Perform targeted secure code reviews for high‑risk features and components.
  • Configure and tune SAST, DAST, dependency, and container scanning to reduce noise and highlight real risk.
  • Integrate and optimize AI-assisted application security tools (e.g., GitHub Advanced Security, Snyk, Wiz, or similar) within developer workflows to improve signal and remediation speed.
  • Help define and maintain secure coding standards and patterns used across engineering teams.
  • Triage, prioritize, and track remediation of application and API vulnerabilities across the stack.
  • Advise on secure use of authentication, authorization, cryptography, and data protection controls.
  • Help evaluate and integrate third‑party services and SDKs from a security perspective.
  • Provide clear, technical explanations of findings, mitigations, and residual risk.
  • Build and deliver pragmatic secure coding training tailored to our tech stack and common issues.
  • Create playbooks, checklists, and self‑service guidance for developers to help them ship secure code independently.
  • Champion a “secure by default” mindset across product and engineering.
  • Grow and enhance the Security Champions program, mentoring developers to act as local security advocates on their teams.
  • Assist with investigation and remediation for application‑level security incidents.
  • Help improve detection, logging, and alerting for application and API misuse.

Benefits

  • We have a revolutionary, client-approved product.
  • One of the fastest growing companies in the nation: 3x Inc. 500, 2x Deloitte Technology Fast 500, 2x Mountain West Capital Network Fast 100, 3x Fast 50 (Utah Business), and 3x UV50 Fastest Growing Companies (BusinessQ), to name just a few.
  • Great Place to Work certified, ranked in Inc. Best Workplaces, one of the Best and Brightest companies to work for, and ranked on the Salt Lake Tribune's Top Workplaces.
  • Backed by renowned investors, both local and national.