Senior Application Security Engineer II

New
S
Spring HealthHealth Technology
Open to candidates residing within the United StatesFull-TimeSenior
Salary$180,000 - $205,500
Apply NowOpens the employer's application page

Job Details

Experience
7+ years
Required Skills
PythonJavascriptRubyGoCI/CD

Requirements

  • 7+ years of professional experience in application security or a closely related security engineering discipline.
  • Hands-on experience with DAST, SAST, and SCA tools, and manual testing techniques (OWASP, SANS Top 25).
  • Demonstrated experience securing CI/CD pipelines with commercial and custom-built tooling.
  • Experience with IaaS cloud infrastructure (AWS, Azure, or GCP), container technologies, and service-oriented architectures.
  • Security automation experience in at least one of: Go, Python, JavaScript, or Ruby.
  • Familiarity with AI/ML security concepts—prompt injection, adversarial inputs, model supply-chain risks, and the OWASP LLM Top 10.
  • Working knowledge of AI and LLM tooling (e.g., OpenAI, Anthropic, LangChain).
  • Experience implementing controls aligned to NIST CSF, HIPAA, HITRUST, ISO-27001, or SOC-2.
  • Strong cross-functional collaboration skills.
  • Bachelor’s degree in Computer Science, Engineering, MIS, IT, or equivalent work experience.

Responsibilities

  • Contribute to the advancement of secure-by-design practices within the team’s S-SDLC program, including participation in architecture reviews, design consultations, and security guidance.
  • Mentor engineers on secure coding practices, AppSec fundamentals, and career growth.
  • Facilitate the development of an AI-assisted threat modeling program, spanning risk identification and security architecture.
  • Contribute to maturing the team’s established SAST, SCA, and DAST programs through rule tuning and coverage improvements.
  • Perform security-focused code reviews of internal and open-source libraries, prioritizing findings by exploitability and impact.
  • Support vulnerability remediation efforts by assessing impact, proposing solutions, and validating fixes.
  • Identify and implement process improvements and security automation using languages such as Go, Python, JavaScript, or Ruby.
  • Contribute to security assessments of AI-integrated product features, including LLM APIs, vector databases, and RAG pipelines.
  • Contribute to the research, design, and development of a Secure AI Development Lifecycle (ADLC) in accordance with OWASP Top 10 for LLM Applications.
View Full Description & ApplyYou'll be redirected to the employer's site
$180,000 - $205,500
Apply Now