Staff Application Security Engineer

About The Position

Requirements

• 5+ years of combined experience in application security and identity & access management (IAM), with a proven track record of supporting application development teams.
• Deep knowledge of application security principles, secure coding practices, common vulnerabilities (e.g., OWASP Top 10), and zero-trust architecture.
• Hands-on experience with security testing tools (SAST, DAST), Web Application Firewalls (WAF), and IAM platforms (e.g., Okta, AWS IAM).
• Proficiency in programming languages such as Java, Python, or JavaScript.
• Strong familiarity with cloud environments (AWS, GCP) and their native security and identity controls.
• Demonstrated expertise in threat modeling and designing defense-in-depth strategies for complex applications.
• Solid understanding of modern identity standards and technologies, including MFA, SSO, and WebAuthn.
• Excellent communication and collaboration skills, with the ability to articulate technical findings and security risks to diverse audiences.
• Strong critical thinking and creative problem-solving skills, with the ability to analyze systems from an attacker's perspective and devise effective countermeasures.

Nice To Haves

• Experience with Okta and Salesforce security principles and best practices.
• Certifications (preferred): Certified Information Systems Security Professional (CISSP), Certified Application Security Engineer (CASE), or similar credentials.

Responsibilities

• Assess potential attack vectors and design defense-in-depth strategies that address gaps across infrastructure, 1st and 3rd party applications, and identity management.
• Partner with application development teams to integrate security into every stage of the development lifecycle.
• Champion secure coding standards, conduct security code reviews, and provide expert guidance to minimize vulnerabilities before production.
• Design, implement, and manage identity security solutions across 1st and 3rd party applications.
• Showcase hands-on experience in implementing strategies like Zero Trust architecture and modern authentication standards like WebAuthn.
• Design, implement, and fine-tune application security controls like SAST/DAST vulnerability scanning and standardizing secure coding practices.
• Establish and improve operational processes to ensure their continued effectiveness.
• Develop and maintain security policies and standards for both application and identity security.
• Provide ongoing training to developers to elevate secure coding practices.
• Use strong critical thinking and communication skills to present complex technical concepts to business stakeholders, gain alignment, and independently drive security initiatives forward.

Benefits

• Medical/Dental/Vision Insurance
• Life Insurance
• Disability Insurance
• 401k Plan + Company Match
• Stock Purchase Plan
• Paid Vacations/Holidays
• Paid Baby Bonding Leave
• Employee Discounts
• PowerU - 100% Funded Education Programs
• Employee Donation Matching
• Volunteer Hour Rewards