
Senior Application Security Engineer

Posted 11 days ago

💎 Seniority level: Senior, 3+ years

🔍 Industry: Payment

🏢 Company: Degica | 👥 51-100 | Digital Media, Logistics, E-Commerce, Financial Services, Payments

🗣️ Languages: English

⏳ Experience: 3+ years

Requirements:
  • Proven experience in the application security domain, with a minimum of 3 years of hands-on experience.
  • Familiarity with key application security principles, frameworks, and technologies (e.g., CWE, MITRE, OWASP, CIS Benchmarks).
  • Strong understanding of security principles and practices.
  • Previous experience as a developer is highly desirable.
  • Familiarity with application security assessment tools.
  • Experience with end-to-end vulnerability management (e.g., SAST and DAST).
  • Technical knowledge to understand vulnerability risk and remediation steps.
  • DevSecOps experience, building security controls into CI/CD pipelines (GitHub Actions, CircleCI, GitLab CI/CD).
  • Familiar with security hardening standards and implementation.
  • Working proficiency in Japanese is helpful but not necessary.
Responsibilities:
  • Build the Application Security Program
      • Develop policies, procedures, and standards to safeguard our applications.
      • Conduct risk assessments and implement controls to mitigate security threats.
      • Help manage external pentesting required to meet regulatory compliance.
  • Integrate Security into the SDLC
      • Implement and manage a Secure Software Development Life Cycle (SSDLC) process.
      • Design, implement, and operate a DevSecOps program with automated security testing in our CI/CD pipelines.
      • Guide development teams in integrating security best practices.
      • Manage a security bug-bounty program, responding to reports in a timely manner and ensuring fixes are tested and implemented by our developers.
  • Foster a Secure Code Culture
      • Promote application-security awareness and best practices across all teams.
      • Conduct code reviews and provide guidance on secure coding practices and secure software architecture.
      • Provide training and resources to development teams to ensure secure coding practices.

Related Jobs

🏢 Company: robusta

Posted 11 days ago

📍 United States, Canada, United Kingdom

🧭 Full-Time

💸 141600.0 - 212400.0 USD per year

🔍 Software Development

  • Solid knowledge of common appsec vulnerabilities and their prevention (e.g., OWASP Top 10, SANS Top 25).
  • Experience in security testing, including code review, SAST, DAST, and vulnerability scanning.
  • Familiarity with incorporating security measures into all phases of software development, from initial concept to final launch including “Shift Left” security.
  • Experience with SIEM, WAF, Risk Management Platforms, SAST/DAST or similar security tools.
  • Deep understanding of cloud security best practices and challenges, with specific expertise in AWS security services and architectures or equivalent.
  • Must be proficient in at least one scripting language (e.g., Python, Bash) to automate security tasks and integrate security tools.
  • Skilled in identifying, evaluating, prioritizing, and monitoring the remediation of security vulnerabilities.
  • Proven experience in handling security incidents, including identification, containment, and remediation.
  • Ability to clearly communicate technical security concepts to both technical and non-technical audiences, and to collaborate effectively with development, operations, and other teams.
  • Ability to analyze security issues, identify root causes, remediate and/or recommend effective solutions.
  • Participate in security projects, delivering secure and well-documented work.
  • Support SOC2 compliance and Pen Testing initiatives.
  • Deeply understand how to secure networks, applications, infrastructure, and data.
  • Utilize monitoring and vulnerability scanning tools to identify security concerns within the production environment and systems, remediate findings, or communicate them to the relevant team for triage.
  • Quickly learn the team's tech stack, security tool ecosystem, and environment.
  • Manage security projects independently, escalating when needed.
  • Meet project deadlines and investigate automation opportunities.
  • Build relationships with engineers.
  • Give actionable security feedback to developers.
  • Lead security discussions.
  • Prioritize security issues based on risk assessments.
  • Own and drive security incident response.

AWS, Docker, Node.js, Python, Software Development, Bash, Cybersecurity, Kubernetes, CI/CD, RESTful APIs, DevOps, Risk Management, Scripting

Posted 11 days ago

📍 Poland

🧭 Full-Time

🔍 Software Development

  • Strong knowledge of application security, secure coding practices, and common risks and vulnerabilities.
  • Experience working as a partner with Product and Development teams.
  • Ability to automate routine tasks and enhance existing solutions (knowledge of Python preferred).
  • Experience working with cloud native and containerized environments (AWS/Azure, Docker, Kubernetes), knowledge of common security practices and testing approaches
  • Strong hands-on skills with testing and securing server-side and client-side apps
  • Experience working with common security certifications and supporting the GRC team. Experience with ISO 2700X, NIST, C5, SOC2, PCI-DSS is a plus.
  • SDE background is a plus
  • Testing and securing AI-based projects (LLM, RAG, diffusion models, fine-tuning pipelines, prompt injection, model extraction, data poisoning) is a plus
  • Experience with .NET, PHP, and JavaScript environments is a plus
  • Collaborating with our development teams to build a secure SDLC that integrates security at every stage of the software development process.
  • Researching and configuring security tooling to provide comprehensive security coverage.
  • Defining security guidelines for our applications to ensure that every product we release is protected against any potential attacks.
  • Consulting on new products, which may include pen-testing, threat modeling, or designing secure solutions, to ensure that they meet our high standards of security.
  • Developing a vulnerability management system that identifies and mitigates potential threats before they reach production.
  • Helping developers to understand security concepts and practices to foster a culture of security within our organization.

AWS, Docker, Python, Cloud Computing, Cybersecurity, Kubernetes, Communication Skills, CI/CD, RESTful APIs

Posted 15 days ago

  • 5+ years of direct experience in enterprise-level application security, with a strong understanding of MITRE, OWASP, SafeCode, and risk management methodologies related to integration/software testing.
  • Experience in AppSec or DevSecOps, collaborating with developers to adopt and mature secure development practices. Proficiency with SAST, SCA, DAST, IAST, RASP, and other DevSecOps tools, including deploying, maintaining, operating, and improving these tools.
  • Solid background in software development, familiar with development lifecycle processes and technologies. Experience with CI/CD pipelines and related technologies (e.g., Git, Jenkins, Maven, Chef, Puppet, Ansible, Nexus, Artifactory, NPM) and cloud-based architectures.
  • Experience overseeing the integration of cross-functional applications between disparate business units and systems.
  • Experience in business and technical requirements analysis, business process modeling/mapping, methodology development, and data mapping.
  • Collaborate with development teams to understand their needs, assess risks, and customize solutions.
  • Implement and manage security tools (SAST, SCA, DAST) and integrate solutions into CI/CD pipelines.
  • Review applications against common flaws (e.g., OWASP Top 10) and provide visibility to senior management.
  • Work with Risk & Compliance teams on audits (e.g., SOC 2, PCI-DSS, HIPAA) and recommend relevant policies.
  • Define security guardrails through automated tool policies, SLAs, and custom rules.
Posted 24 days ago

🧭 Full-Time

💸 192026.0 - 248000.0 USD per year

🔍 Software Development

🏢 Company: Virta Health | 👥 251-500 | 💰 $133,000,000 Series E about 4 years ago | Personal Health, Medical, Health Care, Diabetes

  • Significant hands-on experience in application security, including threat modeling, secure coding practices, vulnerability management, and security testing (SAST, DAST, IAST).
  • Strong understanding and practical experience securing cloud-native applications and infrastructure, particularly within cloud environments (GCP strongly preferred).
  • Experience building security automation and implementing security controls using Infrastructure as Code (IaC) principles (e.g., Terraform).
  • Assess our current security controls within GCP and Kubernetes, identify areas for improvement, and drive the maturation of our security posture from good to great.
  • Partner closely with Engineering, Product, and Platform teams to integrate security best practices early and often ("shift-left") into the software development lifecycle.
  • Design, implement, and manage security tooling and automation to streamline vulnerability detection, remediation, and compliance verification.
Posted about 1 month ago

📍 United States, Canada

🧭 Full-Time

🔍 Information Technology

  • 6+ years of Information Technology experience
  • 3+ years with Static Application Security Testing
  • 2+ years with Java, Python, .NET, or C#
  • 3+ years with Burp Suite
  • Experience with OWASP frameworks
  • Remediate application security flaws
  • Lead security discussions with application teams
  • Perform dynamic and static application performance testing

Python, Eclipse, Java, C#, .NET, Linux

Posted 3 months ago

🧭 Full-Time

🔍 Software Development

🏢 Company: Assured | Cloud Data Services, B2B, Cloud Security, Cyber Security

  • Experience developing best practices for security in a growing team, with a strong understanding of web application architecture.
  • Proficiency in cloud-based application security, container security, and DevSecOps practices.
  • Hands-on experience writing secure code (our stack includes TypeScript/Node.js/React, but we value great engineers regardless of stack).
  • Familiarity with industry standards and regulations, such as SOC 2 Type II.
  • Strong problem-solving and analytical skills, with the ability to assess risks and implement effective solutions.
  • Excellent communication and collaboration skills, enabling you to work effectively across teams.
  • Develop and implement security measures to safeguard infrastructure, applications, and data from threats.
  • Perform regular security assessments and penetration testing to identify vulnerabilities and ensure compliance with security standards.
  • Collaborate with engineers to design and deploy security solutions tailored to business needs.
  • Monitor and analyze network traffic and security logs to detect and respond to potential incidents.
  • Provide ongoing support and maintenance to ensure the continued protection of our systems.
  • Stay updated on the latest security trends to proactively address emerging threats and integrate best practices.
Posted 3 months ago

📍 United States, Canada

🧭 Full-Time

🔍 FinTech

🏢 Company: Imprint

  • 5+ years in cybersecurity, specifically focused on Application Security.
  • Hands-on coding experience and familiarity with modern development stacks (e.g., microservices, REST APIs, containerized environments).
  • Proficiency with SAST/DAST tools, threat modeling methodologies (e.g., MITRE ATT&CK), cryptography concepts (key management, encryption standards), and cloud security services (AWS, GCP, or Azure).
  • Excellent communication, collaboration, and problem-solving skills in a fast-paced, cross-functional setting.
  • Conduct systematic threat modeling (e.g., leveraging the MITRE ATT&CK framework) to identify risks, define attack paths, and propose mitigations early in the development lifecycle.
  • Perform in-depth security architecture reviews to ensure applications and microservices follow secure design principles.
  • Collaborate with engineering teams to conduct code reviews, pinpoint vulnerabilities, and champion OWASP Top 10 best practices.
  • Integrate SAST and DAST into CI/CD pipelines, ensuring continuous and automated detection of security flaws.
  • Analyze testing reports and guide teams toward swift, effective remediation strategies.
  • Perform or coordinate targeted penetration tests on critical applications and systems.
  • Document findings and partner with engineers to implement sustainable fixes.
  • Advise on symmetric and asymmetric encryption mechanisms to safeguard data at rest and in transit.
  • Oversee secure key management, ensuring cryptographic libraries and protocols are properly utilized.
  • Develop and deliver training on secure coding fundamentals and OWASP principles.
  • Lead the “shift-left” security movement by embedding security considerations in early stages of development—a strong development background is required to effectively collaborate and coach.
  • Investigate and document application-focused security incidents.
  • Maintain and refine incident response playbooks, integrating lessons learned into ongoing improvements.
  • Align AppSec practices with PCI DSS, SOC 2, and relevant frameworks to support regulatory audits.
  • Work closely with Risk, Fraud, and Compliance teams to ensure continuous alignment between engineering, security, and business goals.

AWS, Cybersecurity, GCP, Azure, REST API, CI/CD, Microservices, Compliance

Posted 3 months ago

📍 United States

🧭 Full-Time

💸 152850.0 - 244560.0 USD per year

🔍 Cloud Software

🏢 Company: Axon | 👥 1001-5000 | 💰 $246,000,000 Post-IPO Equity almost 7 years ago | GovTech, Electronics, Hardware, Software

  • Proficiency in Python, Java, Go, or C#
  • Strong experience with CI/CD workflows
  • In-depth understanding of vulnerabilities
  • Experience with security tools like Snyk and Semgrep
  • Knowledge of cloud platforms and containerization
  • Build and maintain security automation tools
  • Partner with engineering teams on secure architectures
  • Act as a trusted advisor for development teams
  • Deploy static, dynamic, and dependency scanning tools
  • Lead vulnerability management efforts
  • Create and enhance security automation tools

AWS, Docker, Python, GCP, Kubernetes, C#, Azure, Go, CI/CD

Posted 3 months ago