Senior Application Security Engineer II
New
S
Spring HealthHealth Technology
Open to candidates residing within the United StatesFull-TimeSenior
Salary$180,000 - $205,500
Apply NowOpens the employer's application page
Job Details
- Experience
- 7+ years
- Required Skills
- PythonJavascriptRubyGoCI/CD
Requirements
- 7+ years of professional experience in application security or a closely related security engineering discipline.
- Hands-on experience with DAST, SAST, and SCA tools, and manual testing techniques (OWASP, SANS Top 25).
- Demonstrated experience securing CI/CD pipelines with commercial and custom-built tooling.
- Experience with IaaS cloud infrastructure (AWS, Azure, or GCP), container technologies, and service-oriented architectures.
- Security automation experience in at least one of: Go, Python, JavaScript, or Ruby.
- Familiarity with AI/ML security concepts—prompt injection, adversarial inputs, model supply-chain risks, and the OWASP LLM Top 10.
- Working knowledge of AI and LLM tooling (e.g., OpenAI, Anthropic, LangChain).
- Experience implementing controls aligned to NIST CSF, HIPAA, HITRUST, ISO-27001, or SOC-2.
- Strong cross-functional collaboration skills.
- Bachelor’s degree in Computer Science, Engineering, MIS, IT, or equivalent work experience.
Responsibilities
- Contribute to the advancement of secure-by-design practices within the team’s S-SDLC program, including participation in architecture reviews, design consultations, and security guidance.
- Mentor engineers on secure coding practices, AppSec fundamentals, and career growth.
- Facilitate the development of an AI-assisted threat modeling program, spanning risk identification and security architecture.
- Contribute to maturing the team’s established SAST, SCA, and DAST programs through rule tuning and coverage improvements.
- Perform security-focused code reviews of internal and open-source libraries, prioritizing findings by exploitability and impact.
- Support vulnerability remediation efforts by assessing impact, proposing solutions, and validating fixes.
- Identify and implement process improvements and security automation using languages such as Go, Python, JavaScript, or Ruby.
- Contribute to security assessments of AI-integrated product features, including LLM APIs, vector databases, and RAG pipelines.
- Contribute to the research, design, and development of a Secure AI Development Lifecycle (ADLC) in accordance with OWASP Top 10 for LLM Applications.
View Full Description & ApplyYou'll be redirected to the employer's site