Sr. Application Security Engineer

TrueML
$125,000 - $140,000
Remote

About The Position

We are seeking a talented and motivated Senior Application Security Engineer with a strong background in AWS and DevOps practices. In this role, you will be responsible for ensuring the security of our applications throughout the development lifecycle. You will work closely with engineering teams to identify and mitigate security vulnerabilities, implement security best practices, and contribute to the organization's overall security strategy. The ideal candidate will have excellent communication skills and the ability to collaborate effectively with cross-functional teams.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
  • 8+ years of experience in application security or a related role.
  • Strong experience with AWS security services and best practices.
  • Experience with DevOps tools and practices, including CI/CD pipelines, containerization, and IaC.
  • Proficiency in at least one programming language (e.g., Python, Go).
  • Strong understanding of web application security (e.g., OWASP Top Ten) and secure coding practices.
  • Familiarity with security tools and technologies such as SAST, DAST, SIEM, and WAFs.
  • Ability to work well in a team environment and collaborate effectively with engineers, developers, and other stakeholders.

Nice To Haves

  • AWS Certified Security – Specialty or similar certification.
  • Experience with container security (e.g., Docker, Kubernetes).
  • Familiarity with modern authentication and authorization protocols (e.g., OAuth, SAML, JWT).
  • Knowledge of secure coding frameworks and libraries.

Responsibilities

  • Work with development and DevOps teams to integrate security into the software development lifecycle (SDLC).
  • Identify, assess, and mitigate security vulnerabilities in applications, infrastructure, and cloud environments.
  • Implement and maintain security controls in AWS, including IAM policies, security groups, VPC configurations, and monitoring.
  • Collaborate with DevOps teams to incorporate security best practices in CI/CD pipelines, including automated testing, secure code reviews, and infrastructure as code (IaC) security.
  • Conduct threat modeling and risk assessments to identify potential security threats and develop mitigation strategies.
  • Assist in developing and executing incident response plans, including identifying and responding to security incidents.
  • Ensure that all systems and applications comply with relevant security standards, regulations, and best practices (e.g., OWASP, NIST, ISO 27001).
  • Provide security training and guidance to engineering teams to promote secure coding and infrastructure management practices.
  • Continuously monitor, evaluate, and improve security practices, tools, and processes.

Benefits

  • Flexible vacation
  • Medical/dental/vision insurance
  • Traditional/Roth retirement savings options
  • Company-paid disability and life insurance
  • Flexible Spending Account & Limited FSA
  • Family-friendly parental leave, volunteer and voting time off
  • On-demand wellness platform access for you and 5 friends and family
  • PerkSpot discount program for 900+ merchants nationwide