Senior Application Security Engineer

about 4 hours ago

San Francisco, CA, USA or New York, NY, USASenior

Base Salary

$170k - $220k/yr

Responsibilities

Conduct systematic threat modeling to identify risks and propose mitigations.
Perform in-depth security architecture reviews for applications and microservices.
Collaborate with engineering teams to conduct code reviews and champion OWASP Top 10 best practices.
Integrate SAST and DAST into CI/CD pipelines for automated security flaw detection.
Analyze testing reports and guide teams toward effective remediation strategies.
Perform or coordinate targeted penetration tests on critical applications.
Document findings and partner with engineers to implement sustainable fixes.
Advise on encryption mechanisms to safeguard data at rest and in transit.
Oversee secure key management and utilization of cryptographic libraries.
Develop and deliver training on secure coding fundamentals and OWASP principles.
Lead the shift-left security movement by embedding security in early development stages.
Investigate and document application-focused security incidents.
Maintain and refine incident response playbooks for ongoing improvements.
Align AppSec practices with PCI DSS, SOC 2, and relevant frameworks.
Work closely with Risk, Fraud, and Compliance teams to ensure alignment with business goals.

Competitive compensation and equity packages.
Leading configured work computers of your choice.
Flexible paid time off.
Fully covered, high-quality healthcare including dependent coverage.
Access to One Medical and option to enroll in an FSA.
20 weeks of paid parental leave for primary caregivers and 8 weeks for all new parents.
Access to industry-leading technology to foster innovation and productivity.

AWSAzureGoogle Cloud Platform