Senior Application Security Engineer

New
LATAM / United StatesFull-TimeSenior
Salary not disclosed
Apply NowOpens the employer's application page

Job Details

Experience
6+ years
Required Skills
AWSPythonJavascriptKubernetesGoCI/CDTerraform

Requirements

  • 6+ years in security engineering, DevSecOps, or related roles, including experience at scale
  • Strong experience integrating security into modern SDLC pipelines
  • Hands-on experience with AppSec tooling (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.)
  • Solid understanding of web app security (OWASP Top 10, API security, auth flows, input validation)
  • Strong programming skills (Python, Go, or JavaScript) to build tools, write secure code, and contribute to developer libraries
  • Strong AWS security skills (IAM, KMS, Security Hub, GuardDuty, WAF)
  • Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies)
  • Hands-on with Terraform, Helm, and GitOps practices
  • Familiarity with security tooling (Trivy, Falco, Snyk, Aqua)
  • Knowledge of networking, encryption, and cloud-native security best practices
  • Proven track record in partnering with product and engineering teams to drive security adoption
  • Excellent communication and teamwork abilities

Responsibilities

  • Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams
  • Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions)
  • Partner with developers on new features and systems to identify risks early in the lifecycle
  • Implement best practices for secrets handling, API authentication/authorization, and data protection
  • Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution
  • Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements
  • Implement monitoring, alerting, and remediation for security incidents across our platform
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows
  • Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and others
View Full Description & ApplyYou'll be redirected to the employer's site
View details
Apply Now