Security Engineer (App Sec and Cloud Infra)

Thumbtack

about 1 month ago

Remote, Canada

Mid Level / Senior

H1B Sponsor

Base Salary

$155k - $200k/yr

Responsibilities

Own and deliver application security work within defined projects or domains.
Identify, prioritize, and help remediate application security risks in partnership with engineering teams.
Apply secure-by-default patterns and approved architectures when designing or reviewing systems.
Support cloud infrastructure security by integrating security controls into CI/CD pipelines, IAM, networking, and runtime environments.
Partner with product and engineering teams to assess risk and recommend practical, risk-informed security improvements.
Write code, reviews, and documentation to address vulnerabilities and reduce recurring classes of issues.
Participate in security incident response and contribute to post-incident analysis and remediation.

4+ years of experience in software engineering, application security, or cloud infrastructure security.
Practical experience with application security techniques such as threat modeling and secure design patterns.
Strong understanding of secure coding practices and common application security risks (e.g., OWASP Top 10).
Experience securing cloud-native systems in AWS and/or GCP.
Ability to assess security risks and deliver practical, impactful solutions.
Strong sense of ownership over assigned work and ability to execute independently.
Clear written and verbal communication skills to explain security issues to engineers.

AWSGoogle Cloud Platform