Senior Security Engineer, Application Security
Trail of Bits
Full Time
Senior (5 to 8 years)
Candidates must have a minimum of 5 years of application security experience, with practical and production-level implementation experience in Django/Python with a security focus. An engineering background (software or DevOps/SRE) is required, enabling the ability to read/modify code, review pull requests, and build proof-of-concepts. Experience with GitHub security, including static code scan review, triage, noise elimination, and remediation driving, is essential. The role requires experience embedding secure SDLC into Git-based workflows and CI/CD, practical knowledge of SOC 2 and familiarity with NIST 800-53, and the ability to translate requirements into technical tasks and evidence. Proficiency in operating across code, application, and DevOps domains (containers, IaC basics, secrets, logging/monitoring) is necessary, along with clear, persuasive communication (verbal and written), prioritization skills, and excellent time management with a proven ability to meet deadlines.
The Senior Application Security Engineer will manage security and risk for internally developed applications, making risk-based decisions and recommending/validating controls. Responsibilities include contributing to the application security roadmap, consulting with engineers on requirements and adoption, conducting security-focused pull request reviews, and serving as a steward for SAST/scanning by triaging findings and driving remediation. The engineer will build reference implementations in Django/Python for security patterns, map SOC 2/NIST requirements to engineering work, and perform threat modeling and architecture reviews to document secure patterns. They will oversee security tasks within the SDLC, collaborate with developers and leads, act as a liaison between business security/privacy/compliance requirements and development teams, and participate as a subject matter expert in security architecture. The role involves recommending application security improvements based on best practices and OWASP standards, reviewing code changes for security impact, ensuring compliance with company security policies, and managing all security-related tickets.
Provides market-based energy and environmental solutions
Energy Solutions focuses on creating large-scale environmental impacts through cost-effective solutions for carbon, energy, and water management. The company works with energy providers, government agencies, and businesses to improve their environmental footprint by offering expertise in energy efficiency, demand management, distributed energy resources, and clean transportation. Their approach involves identifying new technologies and collaborating with partners to accelerate market adoption and establish quality standards. Energy Solutions generates revenue by providing market-driven programs that help clients achieve energy savings and comply with regulations. With over 20 years of experience, the company is known for its reliability and commitment to meeting client needs while delivering significant energy savings and environmental benefits.