Senior Application Security Engineer

About The Position

Requirements

• Bachelor's degree in Computer Science, Cybersecurity, or related field.
• 6-8+ years of experience in application security, secure coding, and vulnerability assessment.
• Strong development background with hands-on experience in Kotlin, Java, and Typescript.
• Deep understanding of OWASP Top 10, CWE, and common web and API vulnerabilities.
• Proficient with security testing tools such as Burp Suite, Fortify, Veracode, or similar.
• Experience with secure SDLC, DevSecOps practices, and integrating security into CI/CD pipelines.
• Familiarity with authentication and authorization protocols like OAuth2, OIDC, and SAML.
• Ability to work effectively with development teams, guiding and holding them accountable for timely vulnerability remediation.
• Relevant certifications such as CISSP, CSSLP, OSCP, GWAPT.
• Fluency in English.

Nice To Haves

• Knowledge of cloud security (AWS, GCP, Azure) and container security (Docker, Kubernetes) is a plus.

Responsibilities

• Lead application security efforts by performing security assessments, code reviews, and penetration testing focused on applications developed in Kotlin, Java, and TypeScript.
• Identify, classify, prioritize, and track remediation of vulnerabilities such as those listed in the OWASP Top 10 and other common weaknesses.
• Use and maintain application security tools such as Burp Suite for dynamic testing, SAST/DAST/IAST tools, and other automated security scanners.
• Collaborate closely with software development teams to enforce secure coding standards and hold Software Engineers accountable for patching vulnerabilities within defined SLAs.
• Integrate security testing and automation into CI/CD pipelines to ensure continuous security validation.
• Define and maintain security requirements and best practices aligned with industry standards such as OWASP, NIST, ISO, PCI DSS, and GDPR.
• Conduct threat modeling, risk assessments, and security design reviews for new and existing applications.
• Promote security awareness and provide training to development teams on secure coding and vulnerability mitigation.
• Respond to security incidents and support remediation efforts.
• Recommend and implement new security tools and technologies to improve application security posture.
• Work in Agile and DevSecOps environments to embed security throughout the software development lifecycle.

Benefits

• Health Insurance coverage
• 401k Plan
• We grow, you grow: Stock Options Plan granted on Day 1
• Eligible for a bi-annual performance bonus
• Unlimited PTO
• ️ 5- year Sabbatical: After 5 years with CookUnity, you get a 4-week paid sabbatical
• Paid Family leave
• Compassionate Leave: 3-5 days each time the need arises
• A generous amount of CookUnity credits to enjoy our amazing meals, added to your account, monthly
• ️ Wellness perks: access to a nutritional coach and fitness subsidies to build a healthy lifestyle
• Personalized Spanish coach
• Awesome opportunity to join a company that is looking to change how we eat and how chefs work!