AppSec Engineer

About The Position

Requirements

• 4+ years experience in a security or development role across most of the following:
• Strong communication skills (spoken and written)
• Some of the following Languages/Frameworks: Microsoft .NET/C#, JavaScript (React and EmberJS frameworks), and Python
• At least one cloud platform: Azure, AWS or GCP (Azure predominantly)
• Working knowledge of PowerShell or Bash and Python
• Working knowledge of at least one AI development tool e.g. Claude Code, GitHub Co-Pilot etc
• Portswigger Burp or similar

Nice To Haves

• Certifications such as Offsec OSCP & AWAE, GIAC, Burp Practitioner, PJPT, Microsoft/AWS development and cloud related
• Experience with securing AI applications, systems and AI tooling

Responsibilities

• Partner with different areas within Karbon to ensure security is embedded from the start, from feature design and development to participating in design reviews and threat modeling.
• Balance delivery needs with security, communicating security risks and issues to non-technical stakeholders, knowing when to push back, compromise, and work with delivery teams to reach a great outcome.
• Stay up-to-date on the latest technologies and approaches, including new developments such as AI, while understanding the importance of security foundational practices like account hygiene, least privilege, attack surface reduction, and MFA.
• Identify and assess security risks introduced by AI tools, reviewing the risks of AI tooling usage & integration and AI-generated code.
• Apply AI-assisted tooling to accelerate security work, utilizing it across areas like triage, threat detection, code review, and documentation.
• Work effectively across multiple security domains, assisting with refining and investigating corporate IT security processes, reviewing cloud-hosted systems, and tweaking detection rules.
• Work effectively as part of a team, building relationships and trust across the organization to enhance Karbon’s security posture, answering questions and offering advice to teams.
• Take pride in work, feeling a deep sense of responsibility for the products developed and ensuring customer data is secure.
• Contribute creativity, curiosity, and authenticity to the team culture.
• Help measure improvement and steer the security roadmap by contributing to Security Metrics.
• Collaborate with teams to review designs & implementations for security issues and embed good security practices across software development.
• Triage issues and reports, assisting teams to remedy items and testing fixes.
• Work with external penetration test companies to validate and prioritize findings.
• Conduct risk and vulnerability assessments of web applications and APIs, and third-party suppliers and integrations.
• Configure and tune SAST, SCA, and DAST tooling.
• Work with build/deployment pipelines to incorporate security tooling (Github Actions or Azure Devops YAML based pipelines).
• Assist with implementing security-focused alerting, detections, and automations.
• Conduct and facilitate organizational & developer-focused security training.
• Assist with operational security items such as EDR alerts and MDM.
• Contribute to the security roadmap.

Benefits

• Flexible Time Off with an encouraged 4 weeks use per year
• Company paid medical for you and eligible spouse/partner and dependents
• Paid dental and vision and eligible spouse/partner and dependents
• 401(k) with company matching
• Flexible Spending Account
• Up to 8 weeks paid parental leave
• Work-from-home stipend