Senior Application Security Engineer
Branch (FinTech)
REMOTE within the United States of America, Full-Time, Senior
Salary: 180000 - 190000 USD per year
Job Details
- Experience: 5–7 years
- Required Skills: Python, Bash, Kubernetes
Requirements
- 5–7 years of experience in a security engineering or application security role
- Strong communication skills
- Hands-on SAST/DAST experience
- Familiarity with tools such as Semgrep, Snyk, Checkmarx, Burp Suite Pro, or equivalents
- Demonstrated ability to independently work security incidents end-to-end
- Experience securing cloud-native environments, including IAM, container/Kubernetes workloads, and serverless functions
- Solid working knowledge of API security standards (OWASP API Top 10, OAuth 2.0/OIDC, JWT hardening)
- Scripting proficiency in Python and/or Bash for automation and tooling
- Strong ethics and discretion
- Familiarity with AI/LLM security risks and emerging standards (OWASP LLM Top 10, MITRE ATLAS)
Responsibilities
- Embed security into the SDLC by partnering with Engineering to implement secure design patterns, conduct threat modeling, and deliver developer-focused AppSec training
- Lead and perform application security assessments including SAST, DAST, SCA, and manual code review across web, mobile, and API surfaces
- Drive API security across internal and external services — including authentication, authorization, rate limiting, and abuse prevention controls
- Own and mature the vulnerability management program, including prioritization frameworks, SLA tracking, and cross-functional remediation coordination
- Champion software supply chain security initiatives, including SBOM generation, dependency risk analysis, and third-party component vetting
- Assist GRC with technical third-party risk reviews and vendor security assessments
- Respond to and lead security incidents in a measured, programmatic, and timely manner — from identification through post-incident review
- Implement and iterate on security automation and orchestration to improve detection, response, and coverage at scale
- Implement, monitor, and continuously improve security controls across cloud infrastructure, endpoints, and the product
- Assess and mitigate AI-specific security risks across Branch's use of LLMs and AI-powered features, including prompt injection, model abuse, and insecure output handling