Application Security Engineer
Opal Securityabout 4 hours ago
San Francisco, CA, USAMid Level / Senior
Responsibilities
- Own the secure SDLC end-to-end, including threat modeling and design reviews.
- Run and coordinate application penetration tests and drive findings to closure.
- Build and maintain SAST/DAST/SCA tooling integrated into CI/CD.
- Triage and remediate vulnerabilities from various sources.
- Develop and maintain security-critical components like encryption services.
- Own the integration of Auth0 with Opal, managing tokens and sessions.
- Investigate and respond to security incidents, finding root causes.
- Collaborate with Infrastructure Engineering on cloud security hardening.
- Mentor engineers on secure coding and security architecture.
- Help set the security roadmap based on product risk.
Requirements
- 4+ years of experience in application security or software security engineering.
- Proficient in writing production code, particularly in Go and TypeScript.
- Strong knowledge of authentication protocols like OAuth 2.0 and OIDC.
- Experience with AWS and containerized environments such as Kubernetes and Docker.
- Familiarity with technologies like React, PostgreSQL, Redis, and GraphQL is a plus.
- Proven track record of leading cross-functional security initiatives.
- Experience running or participating in external penetration tests.
- Ability to thrive in ownership and ambiguous situations.
Tech Stack
AWSDockerGoGraphQLKubernetesPostgreSQLReactRedisTypeScript