Responsibilities
- Embed security into CI/CD pipelines with automated checks and improvements.
- Drive adoption of secure coding best practices across engineering teams.
- Lead threat modeling exercises for high-risk features.
- Maintain and tune AppSec tooling including SAST, DAST, and container scanning.
- Partner with DevOps to integrate automated testing into workflows.
- Evaluate emerging technologies to enhance AppSec capabilities.
- Lead triage and root-cause analysis for application vulnerabilities.
- Ensure timely remediation through cross-functional partnerships.
- Support security reviews and remediation tied to compliance requirements.
- Conduct manual reviews of critical code paths and services.
- Advise on secure design patterns for microservices and cloud architectures.
- Collaborate with Security Operations during active incidents.
- Perform deep-dive analysis of new vulnerabilities and risks.
- Mentor engineering teams on secure design and coding practices.
- Lead internal workshops and knowledge-sharing sessions.
- Contribute to internal AppSec documentation and standards.
Requirements
- 5+ years of application security, secure development, or software engineering experience.
- Hands-on experience with SAST, DAST, SCA, and CI/CD integration.
- Expertise in OWASP Top 10 and secure coding principles.
- Ability to perform threat modeling and code reviews.
- Experience partnering with Engineering for remediation improvements.
- Preferred experience in SaaS, multi-tenant systems, or high-scale cloud environments.
- Familiarity with SOC 2, GovRAMP, and TX-RAMP.
- Prior background in DevOps, software engineering, or cloud security.
Benefits
- Comprehensive healthcare options for individuals and families.
- Flexible vacation policy and paid company holidays.
- 401(k) with company match.
- Paid parental leave, wellness stipends, and HSA contributions.
- Professional development and growth opportunities.
- Collaborative office environment with weekly catered lunches.
