Staff Application Security Engineer

About The Position

Requirements

• 7+ years of experience in Application or Product Security, preferably in a SaaS or cloud-native environment
• Strong understanding of web app and API security, microservices, and containerized architectures
• Experience integrating security tooling into modern CI/CD workflows
• Proficiency with SAST, DAST, IaC scanning, and container security platforms
• Skilled in secure coding and code review for at least one major language (Python, Java, Go, JavaScript).
• Familiarity with AWS security, Kubernetes security, and DevSecOps best practices.

Nice To Haves

• Experience in data analytics or AI/ML product environments.
• Prior experience managing or integrating container runtime protection and supply chain security.
• Certifications such as OSWE, OSCP, CSSLP, AWS Security Specialty, or CISSP.

Responsibilities

• Lead application security initiatives across all SaaS products and microservices.
• Define and champion strategic security initiatives across the company.
• Conduct threat modeling, architecture reviews, and secure code assessments for both backend and frontend systems.
• Implement and manage security automation in CI/CD, integrating SAST, DAST, SCA, and container image scanning tools.
• Collaborate with engineering teams to triage, prioritize, and remediate vulnerabilities across applications and containerized workloads.
• Drive AppSec awareness and training, developing secure coding practices and guidelines.
• Evaluate and deploy container security controls, ensuring images and orchestrators (Kubernetes, ECS, etc.) follow best practices.
• Support bug bounty and vulnerability disclosure programs and coordinate penetration testing.
• Stay ahead of emerging application and container threats, and recommend preventive controls aligned with OWASP and CIS benchmarks.

Benefits

• Competitive compensation, benefits, and career growth opportunities.