Python/Django Senior Application Security Engineer (Hybrid - US)

Posted 26 days ago
119100 - 147400 USD per year
United States, Full-Time, Software Development
Company: Energy Solutions - USA
Location: United States
Languages: English
Seniority level: Senior, 5+ years
Experience: 5+ years
Skills: AWS, Python, Software Development, Cloud Computing, Cybersecurity, Django, CI/CD, DevOps, Risk Management
Requirements:
Minimum of 5 years' experience in application security.
Practice and implementation with Django/Python with a clear application-security focus.
Engineering background (software or DevOps/SRE) with the ability to read/modify code, review PRs, and build PoCs.
Experience with GitHub security, including reviewing static code scans, triaging findings, eliminating noise, and driving remediation with owners.
Experience embedding secure SDLC into Git-based workflows and CI/CD.
Practical knowledge of SOC 2 and familiarity with NIST 800-53.
Ability to operate across code, app, and DevOps (containers, IaC basics, secrets, logging/monitoring).
Clear, persuasive communication (verbal and written) and prioritization.
Excellent time management skills with a proven ability to meet deadlines.
Excellent interpersonal and negotiation skills.
Responsibilities:
Contribute to the application security roadmap for internal applications.
Consult with engineers to communicate requirements and drive adoption.
Conduct pull request reviews focused on security.
Serve as a steward for SAST/scanning: review static code scan results and triage findings.
Build reference implementations in Django/Python.
Map SOC 2/NIST to engineering work.
Threat modeling and architecture: navigate libraries/architectures and document secure patterns.
Oversee security-related tasks in the Software Delivery Life Cycle (SDLC).
Collaborate with software developers and code base leads.
Act as a liaison between technical requirements from the business and development teams.
Participate as a subject matter expert in security architecture.
Recommend application security improvements based on best practices and OWASP standards.
Review architecture and compliance-related code changes for security impact.
Ensure compliance with all company security policies and standards.
Manage and maintain all security-related tickets.