About The Position

We are seeking a Senior Application Security Engineer II to join our security team. This role will focus on ensuring the security of our applications throughout the development lifecycle, with an emphasis on modern security practices including AI/ML security considerations. You will work closely with development teams to implement secure coding practices and maintain our application security posture.

Requirements

  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field
  • 5-8 years of experience in application security or a related security field
  • Hands-on coding experience and ability to review code in multiple languages
  • Professional experience with SAST tools (e.g., SonarQube, Checkmarx, Fortify)
  • Professional experience with DAST tools (e.g., Burp Suite, OWASP ZAP)
  • Professional experience with SCA tools (e.g., Snyk, Black Duck, WhiteSource)
  • Experience with GitHub Advanced Security features
  • Experience with container security scanning and IaC security scanning tools
  • Strong understanding of OWASP Top 10 and secure coding practices
  • Experience with penetration testing methodologies
  • Knowledge of security frameworks: NIST CSF, NIST 800-53, SOC 2, PCI DSS
  • Excellent communication skills to articulate security findings to technical and non-technical stakeholders

Responsibilities

  • Conduct security assessments using SAST, DAST, and SCA tools to identify vulnerabilities in applications
  • Perform code reviews and provide secure coding guidance to development teams
  • Implement and maintain GitHub Advanced Security, including secret scanning and code scanning
  • Assess and improve security of Infrastructure as Code (IaC) deployments using Terraform
  • Evaluate container security in our Docker and Kubernetes environments
  • Support CI/CD security integration and automation
  • Conduct penetration testing and red team/purple team exercises on applications
  • Review and secure API implementations, with a focus on GraphQL security
  • Evaluate AI/ML model security and implement protections against prompt injection and other AI-specific threats
  • Collaborate with the Staff AppSec Engineer on CIAM and advanced AI security initiatives
  • Maintain security documentation and contribute to security awareness training

Benefits

  • Competitive salary & equity compensation for full-time roles
  • Unlimited PTO, company holidays, and quarterly mental health days
  • Comprehensive health benefits including medical, dental & vision, and parental leave
  • Employee Stock Purchase Program (ESPP)
  • 401k benefits with employer matching contribution
  • Offsite team retreats
© 2024 Teal Labs, Inc