Senior Application Security Engineer

RegScale | Compliance Monitoring
Remote | Full-Time | Senior
Salary not disclosed

Job Details

Experience
10 or more years of application security experience

Requirements

  • 10 or more years of application security experience with a track record of owning security programs.
  • Deep expertise in threat modeling, secure design review, vulnerability assessment, penetration testing, and secure development practices.
  • Ability to operate independently as a solo practitioner.
  • Experience influencing engineering teams without direct authority.
  • Strong experience integrating security into CI/CD pipelines and modern software delivery practices.
  • Solid understanding of cloud security principles and of the intersection of application and infrastructure in cloud-native environments.
  • Strong written and verbal communication skills.

Responsibilities

  • Own the application security program end to end, identifying risks, setting priorities, building strategy, aligning stakeholders, driving implementation across engineering teams, and measuring outcomes.
  • Conduct threat modeling and security design reviews early in the development process, embedding security thinking into architecture and feature design before code is written.
  • Partner with developers across all engineering teams to shift security left, coaching on secure coding practices, reviewing code for vulnerabilities, and building security awareness.
  • Integrate security tooling and automated security checks into CI/CD pipelines including static analysis, dependency scanning, and secrets detection.
  • Own vulnerability management across the platform, triaging findings, prioritizing remediation, and driving resolution.
  • Lead and coordinate penetration testing and security assessments, translating findings into engineering action.
  • Define and maintain secure development standards and patterns covering authentication, authorization, API security, and data handling.
  • Bridge engineering and the external security team, translating security requirements into engineering priorities.
  • Support compliance and regulatory requirements including FedRAMP, NIST, and enterprise customer security obligations.
  • Assess and address security risks introduced by AI features and integrations, including prompt injection and data exposure.