We are seeking a Senior Application Security Engineer who will work with our development team to manage security and risk on our internally developed applications.
Requirements
- Contribute to the application security roadmap for our internal applications—prioritize risks and sequence work across codebases, application layer, and DevOps.
- Consult with engineers to communicate requirements, create actionable tickets/acceptance criteria, and drive adoption.
- Conduct pull request reviews focused on security, provide guidance on refactors, and approve/deny with clear rationale.
- Serve as a steward for SAST/scanning: review static code scan results, triage findings, eliminate noise, and drive remediation with owners.
- Build reference implementations in Django/Python (e.g., authentication patterns, input validation, secrets handling, rate limiting, geo-based access) without direct responsibility for production feature development.
- Map SOC 2/NIST to engineering work: translate requirements into stories, controls, and automated evidence in CI/CD.
- Threat modeling & architecture: navigate libraries/architectures and document secure patterns (ADRs/RFCs) that teams follow.
- Oversee security-related tasks in the Software Delivery Life Cycle (SDLC) to ensure software development activities remain in compliance.
- Collaborate with software developers and code base leads.
- Act as a liaison between technical requirements from the business (i.e. security, privacy, compliance) and development teams.
- Participate as a subject matter expert in security architecture, including new designs and design reviews.
- Recommend application security improvements based on best practices, OWASP standards and other web application security frameworks.
- Review architecture and compliance-related code changes for security impact.
- Ensure compliance with all company security policies and standards.
- Manage and maintain all security-related tickets, including recommendations, testing, and validation.
Benefits
- Generous retirement package
- Medical, dental and vision insurance
- Other pre-tax contribution plans
- Employee Stock Ownership Plan (ESOP)