Senior Application Security Engineer
New
LATAM / United StatesFull-TimeSenior
Salary not disclosed
Apply NowOpens the employer's application page
Job Details
- Experience
- 6+ years
- Required Skills
- AWSPythonJavascriptKubernetesGoCI/CDTerraform
Requirements
- 6+ years in security engineering, DevSecOps, or related roles, including experience at scale
- Strong experience integrating security into modern SDLC pipelines
- Hands-on experience with AppSec tooling (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.)
- Solid understanding of web app security (OWASP Top 10, API security, auth flows, input validation)
- Strong programming skills (Python, Go, or JavaScript) to build tools, write secure code, and contribute to developer libraries
- Strong AWS security skills (IAM, KMS, Security Hub, GuardDuty, WAF)
- Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies)
- Hands-on with Terraform, Helm, and GitOps practices
- Familiarity with security tooling (Trivy, Falco, Snyk, Aqua)
- Knowledge of networking, encryption, and cloud-native security best practices
- Proven track record in partnering with product and engineering teams to drive security adoption
- Excellent communication and teamwork abilities
Responsibilities
- Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams
- Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions)
- Partner with developers on new features and systems to identify risks early in the lifecycle
- Implement best practices for secrets handling, API authentication/authorization, and data protection
- Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster
- Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution
- Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements
- Implement monitoring, alerting, and remediation for security incidents across our platform
- Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates
- Design and maintain least-privilege IAM roles, secrets management, and authentication flows
- Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and others
View Full Description & ApplyYou'll be redirected to the employer's site