Senior Application Security Engineer
M&T BankSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Not SpecifiedCompensation
Mid-level (3 to 4 years), Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Biotechnology, SoftwareIndustries
Requirements
Candidates should have 4 years of experience in security engineering, DevSecOps, application security, or related software engineering roles. A strong foundational knowledge of secure coding and OWASP Top 10 risks is required, along with experience in at least one modern programming language such as Python, Java, JavaScript, Go, or C#. Familiarity with cloud platforms like AWS, Azure, or GCP and container technologies such as Docker or Kubernetes is necessary. Exposure to security tooling like SAST, SCA, or DAST scanners (e.g., Semgrep, Endor, Burp) and a basic understanding of identity and access controls (OAuth, SAML, API tokens) are also required. Strong collaboration and communication skills with a willingness to learn and grow are essential.
Responsibilities
The Product Security Engineer will assist in integrating security practices into the software development lifecycle, including design reviews and backlog grooming. They will participate in structured threat modeling exercises and work with engineering teams to review findings from SAST, SCA, DAST, and container scans, tracking remediation progress. Responsibilities also include conducting basic secure code and configuration reviews, escalating high-risk findings, and helping to maintain and enhance security scanning integrations in CI/CD pipelines. Additionally, the role involves assisting in preparing for and triaging penetration tests, and helping to develop security best practices, developer guidance, and response runbooks.
Skills
Product Security
Secure SDLC
Threat Modelling
Vulnerability Triage
SAST
SCA
DAST
Container Scans
Secure Code Review
Configuration Review
Security Tooling
Automation
DevOps
Cloud-First
Smarsh
Archiving and compliance solutions provider
About Smarsh
Smarsh provides archiving and compliance solutions specifically designed for financial services, government agencies, and other regulated industries. Their main product is a cloud-based archive that allows organizations to securely store, search, and manage their communications data, including emails, text messages, and social media interactions. This system helps businesses meet complex security, data privacy, and regulatory requirements. Smarsh differentiates itself from competitors by offering a scalable Software-as-a-Service (SaaS) model that caters to both large enterprises and smaller organizations, ensuring that clients can adapt to evolving regulations. Their goal is to help organizations efficiently manage their communication data, identify risks, and maintain compliance, particularly through tools like Connected Capture for Microsoft Teams, which supports remote workforces.
Portland, OregonHeadquarters
2001Year Founded
$42.4MTotal Funding
BUYOUTCompany Stage
Enterprise Software, Cybersecurity, Financial ServicesIndustries
1,001-5,000Employees
Benefits
Health Insurance
Dental Insurance
Life Insurance
Disability Insurance
Unlimited Paid Time Off
Paid Vacation
Paid Sick Leave
Paid Holidays
Hybrid Work Options
Stock Options
401(k) Company Match
Employee Assistance Programme
Wellness Program
Adoption Assistance
Group Income Protection
Group Life Assurance
Maternity Leave
Paternity Leave
Workplace Pension Scheme
Monthly Wellness Allowance
Company Bonus
Risks
Integration with OpenAI's API may pose compliance and security challenges.
EU's AI Act requires significant adjustments to Smarsh's AI systems.
Expansion into Latin America may expose Smarsh to regional instability.
Differentiation
Smarsh offers cloud-native, context-aware archiving solutions for regulated industries.
The company integrates with popular tools like Microsoft Teams for seamless compliance.
Smarsh serves 9 of the top 10 banks, showcasing its industry trust.
Upsides
Smarsh's global expansion includes a new office in Costa Rica for enhanced support.
Integration with OpenAI's ChatGPT API enhances Smarsh's AI compliance capabilities.
Partnership with Verizon simplifies mobile compliance procurement for Verizon's clients.
Related Jobs
RemoteRemoteDevSecOps Engineer
OddballSalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteSenior Software Engineer, Secure Agents
Cohere$150,000 - $220,000/year
- Full Time
- Senior (5 to 8 years), Junior (1 to 2 years)
RemoteSecurity Engineer, Cloud Security
OpenAI$279,000 - $385,000/year
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteSenior Software Security Engineer
Muon SpaceSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSecurity Engineer, Product Security
Chainlink LabsSalary not specified
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteApplication Security Engineer - Remote
PayNearMeSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Engineer, App Security
HealthieSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteApplication Security Engineer
RxSenseSalary not specified
- Full Time
- Mid-level (3 to 4 years)
RemotePerformance Modeling Engineer
GroqSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteSoftware Engineer, CI/CD
VercelSalary not specified
- Full Time
- Junior (1 to 2 years)
RemoteVulnerability Detection Engineer (Content) - Exposure Management (Remo…
CrowdstrikeSalary not specified
- Full Time
- Senior (5 to 8 years)