Senior Security Engineer I - Application Security, Remote

Position Overview

• Location Type: Not specified
• Employment Type: Full Time
• Salary: Not specified

The Senior Security Engineer I for Application Security will be responsible for designing, implementing, and maintaining security services that support the business. This role emphasizes understanding the importance of data and automation and applying them at scale. The ideal candidate will be able to partner cross-functionally with various teams, driving impactful outcomes and further securing the organization’s digital landscape.

Requirements

• Education: BS / BTech (or higher) in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent experience.
• Experience:
  • 6 years of domain experience without a degree.
  • 4+ years combined experience in an enterprise environment (preferably cloud).
  • 3+ years of experience in a dedicated application security role with a focus on establishing secure SDLC and DevSecOps processes.
  • 2+ years of experience acting as a trusted technical decision-maker in a team setting, solving for short-term and long-term business value.

Responsibilities

• Working cross-functionally to design, build, and operate solutions that continuously improve and automate security capabilities.
• Leveraging data to understand trends, metrics, and opportunities to improve the security posture and then executing on those opportunities with stakeholders.
• Leading and enhancing incident / issues response efforts, spearheading analysis, containment, and mitigation strategies in a cross-functional environment to ensure effective resolution and remediation of security incidents / issues.
• Helping craft and refine security documentation pertinent to the Security Program, such as policies, standards, baselines, and standard operating procedures.

Preferred Knowledge, Skills, and Abilities

• Application Security: Knowledge of health-tech systems (Electronic Health Records, Clinical data, PHI, etc.) – direct experience preferred.
• Cloud Experience: Extensive experience in architecting, developing, and deploying large-scale distributed systems at scale within AWS/Azure/GCP environments.
• Vulnerability Management: Extensive experience identifying, evaluating, and triaging vulnerabilities using Static/Dynamic Application Security Testing (SAST/DAST) methodologies and tools.
• Code Review & Threat Modeling: Proven experience conducting code reviews and threat modeling.
• Automation: Extensive experience with developing automated security testing and validation systems using Terraform, CloudFormation, Python, etc.
• Coding Skills: Proficient in coding languages such as Python, R, C++, Javascript.
• Security Controls: Proven experience implementing security controls for web-based SaaS applications, including API Security and WAF.
• AI/LLM Security: In-depth knowledge of AI/LLM and machine learning architectures and best practices for securing them.
• OWASP Top 10: In-depth knowledge of OWASP Top 10 vulnerabilities along with containment and remediation best practices.
• Server-Side Technologies: Strong familiarity with server-side web technologies (e.g., Java, Python, Scala, C#, C++, Go).

Application Instructions

Application instructions are not provided in the job description.

Company Information

Company Information is not provided in the job description.