Senior Application Security Engineer (Hybrid - US)

About The Position

Requirements

• Minimum of 5 years' experience in application security experience.
• Practice and implementation with Django/Python with a clear application-security focus (production experience and impact, not theory).
• Engineering background (software or DevOps/SRE) with the ability to read/modify code, review PRs, and build PoCs.
• Experience with GitHub security, including reviewing static code scans, triage findings, eliminate noise, and drive remediation with owners.
• Experience embedding secure SDLC into Git-based workflows and CI/CD (pre-commit, pipeline gates, policy-as-code).
• Practical knowledge of SOC 2 and familiarity with NIST 800-53; can turn requirements into technical tasks and evidence.
• Ability to operate across code, app, and DevOps (containers, IaC basics, secrets, logging/monitoring).
• Clear, persuasive communication (verbal and written) and prioritization.
• Excellent time management skills with a proven ability to meet deadlines.
• Excellent interpersonal and negotiation skills.

Nice To Haves

• Bachelors degree in Computer Science or equivalent work experience preferred.
• CISSP, GIAC, Security+, AWS Security and other related security certifications.
• Prior experience reporting to or partnering with a security architect, or being the app-sec lead in a smaller org.
• Strong organizational skills and attention to detail.
• Strong analytical and problem-solving skills.
• Ability to prioritize tasks according to severity.
• Ability to adapt to the needs of the organization.
• Proficient in AWS Security services (I.E. Cloud watch, Guard Duty).

Responsibilities

• Contribute to the application security roadmap for our internal applications—prioritize risks and sequence work across codebases, application layer, and DevOps.
• Consult with engineers to communicate requirements, create actionable tickets/acceptance criteria, and drive adoption.
• Conduct pull request reviews focused on security, provide guidance on refactors, and approve/deny with clear rationale.
• Serve as a steward for SAST/scanning: review static code scan results, triage findings, eliminate noise, and drive remediation with owners.
• Build reference implementations in Django/Python (i.e. authentication patterns, input validation, secrets handling, rate limiting, geo-based access) without direct responsibility for production feature development.
• Map SOC 2/NIST to engineering work: translate requirements into stories, controls, and automated evidence in CI/CD.
• Threat modeling & architecture: navigate libraries/architectures and document secure patterns (ADRs/RFCs) that teams follow.
• Oversee security related tasks in the Software Delivery Life Cycle (SDLC) to ensure software development activities remain in compliance.
• Collaborate with software developers and code base leads.
• Act as a liaison between technical requirements from the business (i.e. security, privacy, compliance) and development teams.
• Participate as a subject matter expert in security architecture, including new designs and design reviews.
• Recommend application security improvements based on best practices, OWASP standards and other web application security frameworks.
• Review architecture and compliance-related code changes for security impact.
• Ensure compliance with all company security policies and standards.
• Manage and maintain all security related tickets, including recommendations, testing, and validation.

Benefits

• Compensation to commensurate with experience with the pay band of $119,100 - $147,400.
• Generous retirement package.
• Excellent benefits package including medical, dental and vision insurance.
• Other pre-tax contribution plans.
• Employee Stock Ownership Plan (ESOP).