Senior Security Engineer II

Wrapbook

23d•Remote

About The Position

As a Senior Security Engineer II at Wrapbook, you will be a critical leader in protecting our applications and infrastructure from threats. With a focus on Application Security, you will own the strategy, delivery, and execution of complex security initiatives that directly impact the security posture of our products and services. You will build secure-by-default systems, drive remediation efforts, and partner with Engineering and Product teams to ensure security is baked into every stage of the software development lifecycle. This role is ideal for someone who excels at balancing business enablement with strong security controls, loves solving complex technical and organizational problems, and can drive security maturity across a rapidly scaling, distributed environment. Although we are a remote-first company, this role requires comfort with occasional travel.

Requirements

5+ years of dedicated experience in an Application Security, Product Security, or Security Engineering role.
Expert-level knowledge of the Software Development Life Cycle (SDLC) and experience implementing security gates (SAST/DAST/SCA) within CI/CD pipelines.
Deep technical understanding of common web application security vulnerabilities (OWASP Top 10) and mitigation strategies.
Familiarity with Cloud Security (AWS, GCP, or Azure) and container security concepts.
Strong working knowledge of identity and access management (IAM), authentication protocols (OAuth, SAML), and API security best practices.
Demonstrated ability to communicate clearly, build trust, and partner effectively across technical and non-technical departments.

Responsibilities

Own and lead the delivery of large, multi-quarter Application Security and Engineering initiatives, breaking them into smaller, shippable iterations.
Dive into framework internals and improve existing complex application security architectures (e.g., microservices, authentication systems, and API security).
Balance tradeoffs and select appropriate security technologies and tooling (SAST, DAST, SCA) through researching, prototyping, and validation.
Provide guidance and incorporate guardrails for securing AI-based workflows.
Drive toward simplicity and easy-to-understand application security solutions.
Collaborate deeply with Product Engineering and DevOps teams to ensure secure technical implementations for highly complex, cross-group projects and features.
Proactively identify emerging industry threats, particularly in the application and cloud space, assess potential risk to the business, and recommend mitigative actions and controls.
Act as a trusted advisor to engineering and leadership on a broad range of application security and risk-based topics.
Operate as Incident Commander for large-scale, highly complex security incidents, focusing on application and data breach response, actively pursuing cross-functional resources as appropriate.
Partner cross-functionally on security process best practices and continuous improvement, embedding a culture of security into the SDLC.
Focus on fostering an environment of inclusion, allowing voices to be heard and valued at all levels.