Software Security Engineer

ComplyAuto
Remote

About The Position

ComplyAuto is a fast-growing RegTech SaaS company helping organizations strengthen compliance, security, and operational efficiency through cloud-based software. What started in automotive privacy compliance has expanded into cybersecurity, environmental, health & safety, and legal compliance, creating exciting opportunities to build, improve, and scale in a high-impact environment.

ComplyAuto is looking for a hands-on Software Security Engineer to help shape and scale our application security program. In this high-impact individual contributor role, you'll work closely with the Director of Information Security and our Development team to identify risk, strengthen our codebase, and embed security into the way we build software. This is an ideal opportunity for someone who enjoys going deeper than automated tooling, conducting manual code reviews, testing real-world application risk, and partnering directly with engineers to design secure, practical solutions. You'll play a key role in securing modern JavaScript and TypeScript applications, improving our CI/CD security practices, and driving application security initiatives across a fast-moving, high-growth SaaS environment.

Requirements

  • 5–7+ years of experience in application security, software development, or a related security engineering role.
  • Strong hands-on experience reviewing code and identifying vulnerabilities that automated tools may miss.
  • Comfortable working in TypeScript, JavaScript, or Python.
  • Familiarity with modern development environments such as React and Node.js.
  • Experience securing APIs, relational databases, SaaS applications, and cloud infrastructure across AWS, Azure, or GCP.
  • Experience configuring and managing SAST and DAST tools such as Snyk, Checkmarx, Veracode, Synopsys, StackHawk, Qualys, or Burp Suite.
  • Strong communication skills to translate complex technical risks into practical recommendations for both technical and non-technical stakeholders.
  • Familiarity with secure coding standards, web application architecture, security and compliance frameworks such as NIST CSF, CIS, SOC 2, and PCI-DSS, and regulatory requirements such as CCPA and GLBA.
  • Authorized to work in the United States and provide proof of work authorization within three days of hire.
  • Not residing in California, Hawaii, or Alaska.

Responsibilities

  • Lead day-to-day application security efforts across ComplyAuto's software environment, including secure code reviews, threat modeling, manual security assessments, penetration testing, and vulnerability remediation.
  • Work directly with developers to identify risks in JavaScript, TypeScript, React, Node.js, APIs, databases, and cloud-based SaaS applications, then provide clear, actionable guidance to fix issues at the source.
  • Mature and design our application security program by developing security policies, documenting controls, implementing security testing tools, automating SAST and DAST capabilities within CI/CD pipelines, delivering secure coding training, and supporting incident response for application-related events.

Benefits

  • 401(k) 5% match (1:1)
  • Medical, dental, and vision insurance; we pay 100% of premiums for employee and family
  • HSA contribution for qualifying plans
  • Unlimited paid time off and 11 observed holidays
  • Required laptop and related hardware provided