Senior Application Security Engineer

About The Position

Requirements

• 5–8+ years in application security, product security, or security-focused software engineering
• Strong depth in web and API security, including modern auth patterns and attack techniques
• Experience securing cloud-native SaaS platforms and microservices architectures
• Strong working knowledge of OWASP Top 10, secure SDLC frameworks and practices, secure-by-design, and developer-first application security practices
• Proven ability to influence engineering teams through trust, clarity, and practical solutions
• Relationship-driven and able to build credibility quickly with engineers
• Strong communicator who can translate risk into actionable engineering work
• Pragmatic and outcome-oriented: focused on real security improvements, not bureaucracy
• Comfortable taking ownership and driving initiatives end-to-end

Responsibilities

• Own and lead Limble’s application security program, partnering with the Head of Information Security and key stakeholders to define strategy, roadmap, and measurable maturity improvements
• Perform hands-on security work including threat modeling and secure design reviews, using engagements as opportunities to educate and influence engineering decisions
• Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform
• Define and maintain application security standards aligned with OWASP Top 10, NIST 800-218 (SSDF), and secure SDLC best practices
• Propose improvements and help operationalize security tooling within CI/CD pipelines using tools like GitHub or Wiz.
• Implement and manage security testing capabilities across: SAST, SCA, SBOM (GitHub Advanced Security, Wiz, etc.) DAST (new tool selection and rollout) Vulnerability tracking and remediation workflows
• Leverage automation and AI-assisted techniques to improve vulnerability discovery, reduce false positives, and scale security testing and validation efforts
• Support secure architecture for web applications and APIs
• Drive secure coding enablement through: OWASP training Secure coding best practices Targeted coaching based on real issues found in the codebase
• Partner with and help scale the Security Champions program to coordinate security improvements and incident response
• Track and communicate application security program progress using clear metrics and reporting
• Facilitate Limble’s Responsible Disclosure program, including intake, triage, coordination, and remediation tracking

Benefits

• $165,000 - $185,000 annual salary
• Fully remote position
• Flexible PTO
• 13 paid company holidays
• Paid parental leave
• Health, Dental, and Vision insurance
• Employer paid Basic Life insurance and Short-Term Disability insurance
• Company contribution match for HSA and 401(k)
• Flexible Spending Accounts
• Monthly employee wellness stipend
• Opportunities for Learning and Development Reimbursement
• Pet insurance