Responsibilities
- Embed security into CI/CD pipelines through scalable guardrails and automated checks.
- Drive adoption of secure coding best practices across engineering teams.
- Lead threat modeling exercises for high-risk features and architecture patterns.
- Own and maintain AppSec tooling including SAST, DAST, and container scanning.
- Partner with DevOps to integrate automated testing into workflows.
- Evaluate emerging technologies to enhance AppSec capabilities.
- Lead triage and root-cause analysis for application vulnerabilities.
- Ensure timely remediation through cross-functional partnerships.
- Support security reviews and remediation tied to compliance requirements.
- Conduct manual reviews of critical code paths and cloud components.
- Advise on secure design patterns for microservices and data protection.
- Collaborate with Security Operations during active incidents.
- Perform deep-dive analysis of new vulnerabilities and exploit techniques.
- Mentor engineering teams on secure design and coding practices.
- Lead internal workshops and knowledge-sharing sessions.
- Contribute to AppSec documentation and secure development standards.
Requirements
- 8+ years of application security, secure development, or software engineering experience.
- Hands-on experience with SAST, DAST, SCA, and CI/CD integration.
- Expertise in OWASP Top 10, ASVS, and secure coding principles.
- Ability to perform threat modeling, code review, and architecture analysis.
- Experience partnering with Engineering for remediation and maturity improvements.
Benefits
- Comprehensive healthcare options for individuals and families.
- Flexible vacation policy and paid company holidays.
- 401(k) with company match.
- Paid parental leave, wellness stipends, and HSA contributions.
- Professional development and growth opportunities.
- Collaborative office environment with weekly catered lunches.
